Cryptography Reference
In-Depth Information
useful background information. Cryptographic secure file storage is also discussed
in Cobb [47]. A good tool for disk encryption is TrueCrypt [192], on whose website a
great deal of interesting information can be found about the underlying cryptographic
mechanisms used. Email security is coveredby informative chapters in Stallings [183],
Garfinkel and Spafford [88] and Cobb [47]. NIST also dedicate special publication
NIST 800-45 [138] to this subject.
1
. Consider two different 'worlds' with respect to cryptographic applications:
World 1
: the early 1970s;
World 2
: today.
The cryptographic applications discussed in this chapter belong to the second
of these 'worlds' (indeed, many were unimaginable in the first of these 'worlds').
At a fairly high and generic level, compare these two 'worlds' by considering the
following issues for each of them. In each of the two worlds:
(a) Who is using cryptography and for what applications?
(b) What type of cryptography is deployed?
(c) What security services are implemented?
(d) What technology is used to conduct cryptographic operations?
(e) How secure is a typical 'communication channel'?
(f) How secure are the 'end points' (the sender and receiver's local environ-
ments)?
(g) How reliable are the cryptographic mechanisms that are used?
(h) How straightforward is key management?
(i) Are there any security issues relating to cryptography in the first 'world' that
do not apply to the second 'world'?
(j) Are there any security issues relating to cryptography in the second 'world'
that do not apply to the first 'world'?
(k) Summarise the discussion by commenting on whether the role and
effectiveness of cryptography has changed between these two 'worlds'.
2
. Many cryptographic applications support a range of different cryptographic
algorithms.
(a) Which of the applications discussed in this chapter support a range of
cryptographic algorithms, rather than recommending a fixed encryption
algorithm?
(b) Discuss the pros and cons of supporting a range of cryptographic algorithms
in an application.
(c) Why might a relatively 'weak' cryptographic algorithm be included amongst
a set of supported cryptographic algorithms?
(d) What security issues might arise from including a relatively 'weak' crypto-
graphic algorithm in a set of supported cryptographic algorithms?
