Ashwin Bharambe --------------- Why Cryptosystems Fail Most important points: Most real-world cryptosystems fail not because the crypt-algorithm is inherently insecure, but because of: a. managerial/secretarial blunders/mishandling, b. customers being stupid and not being able to protect the ``keys'', c. insider perpetrated frauds, or d. implementation bugs. The author suggests {\it robustness} of security products as a way to prevent failure of deployable cryptosystems. What this means is using the following software engineering principles while building the system: a. being explicit about the achievable/required design goals as well as the assumptions, b. enumerating the failure modes and procedures to deal with them. In addition to the above, the software certification agency should certify the software on the basis of the ease and dependability of its use by ``laymen''. Deficiency: The treatment, in particular, the term 'explicitness' is far too abstract. A real world example of when explicitness had been compromised and how it affected later transactions would have been much more illuminating. Conclusion: Knowledge ( either, {\it a-priori} or otherwise ) of failure of a system in {\bf practice} is as important as that in theory. Maintainablity and ease of deployment are key factors which a system-designer should take into account while designing the system.