Cryptography Reference
In-Depth Information
confirm whether the receiver has the correct key for the day. Knowing that this
practice is being used, an attacker could well invest the time and memory space
in order to establish a massive database that contains the encryption of 00...0
under every possible key in the keyspace (this would be impractical to do for
every possible plaintext, but potentially feasible to do for this one plaintext).
The attacker could then wait for the morning confirmation message to be sent
to the organisation from the receiver, and then consult this database in order
to establish what key is being used. The point here is that an exhaustive search
for the key is still hard, but a bad implementation practice has made it possible
to search for the key using a different technique.
Key management. Most effective attacks on cryptosystems exploit bad key
management practices. Complexity theory tells us nothing about the feasibility
of exploiting bad key management to conduct an attack.
Any real notion of practical security needs to take these types of issue into
account.
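The fixed-plaintext key confirmation discussed above can be made concrete with a short sketch. This is an added example, not code from the book: toy_encrypt is a hypothetical Feistel construction standing in for a real cipher, the 16-bit keyspace is an assumption chosen so the table builds in about a second, and confirm_fresh shows one corrected practice (encrypting a fresh random challenge) that makes the precomputed table useless.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple

KEY_BITS = 16            # assumption: toy keyspace so the table builds in about a second
ZERO_BLOCK = bytes(8)    # the fixed 00...0 plaintext used for the daily confirmation


def toy_encrypt(key: int, block: bytes) -> bytes:
    """Hypothetical 4-round Feistel cipher on 64-bit blocks (stand-in for a real cipher)."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        prf = hashlib.sha256(key.to_bytes(2, "big") + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, prf))
    return left + right


def build_table() -> Dict[bytes, int]:
    """One-off precomputation: the encryption of 00...0 under every possible key."""
    return {toy_encrypt(k, ZERO_BLOCK): k for k in range(2 ** KEY_BITS)}


def confirm_fixed(key: int) -> bytes:
    """Weak practice: the confirmation message is always E_key(00...0)."""
    return toy_encrypt(key, ZERO_BLOCK)


def confirm_fresh(key: int, challenge: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Corrected practice: encrypt a fresh random challenge, sent with the response."""
    challenge = challenge or secrets.token_bytes(8)
    return challenge, toy_encrypt(key, challenge)


def lookup(table: Dict[bytes, int], confirmation: bytes) -> Optional[int]:
    """What the precomputed table yields for an observed confirmation message."""
    return table.get(confirmation)


if __name__ == "__main__":
    table = build_table()                          # paid once, reused every day
    key_of_day = secrets.randbelow(2 ** KEY_BITS)  # constructed sample key
    print("fixed plaintext:", lookup(table, confirm_fixed(key_of_day)) == key_of_day)
    challenge, response = confirm_fresh(key_of_day)
    print("fresh challenge:", lookup(table, response))
```

With a fresh challenge the attacker still sees a known plaintext and ciphertext pair, so the remaining work is the exhaustive key search for each message, which is the cost the key length was chosen to make infeasible.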
3.2.4 Design process of a cryptosystem
The following chapters will focus on describing cryptographic primitives and
how they work. However, it is extremely important from a practical security
perspective to recognise that the primitives themselves must always be considered
as part of a process, rather than isolated mechanisms. The process that surrounds
a cryptographic primitive includes the following:
SELECTION OR DESIGN OF A PRIMITIVE
The selection of a cryptographic primitive depends on the application
requirements. For example, with respect to selection of an encryption algorithm,
this part of the process may involve asking questions such as:
• should we use symmetric or public-key encryption?
• what requirements and/or restrictions on the key length exist?
• should we adopt a publicly known encryption algorithm or develop our own
proprietary encryption algorithm?
Throughout our discussion of cryptographic primitives we will investigate some
of the properties that influence this selection (design) process. Note that in
many cases the financial or operational constraints may dictate the use of certain
primitives. For example, an organisation might be forced to use a specific primitive
in order to comply with a relevant application standard.
MODE OF USE
Cryptographic primitives can be used in different ways in order to achieve
different security goals. For example, symmetric encryption algorithms can be:
• implemented in specific ways in order to achieve particular properties (we
discuss these different modes of operation in Section 4.6);
 