Cryptography Reference
In-Depth Information
attacker's capabilities. Indeed, many academic attacks involve quite unrealistic
assumptions and thus do not have practical impact (for example, they require an
impractical number of deliberately chosen plaintext/ciphertext pairs). Others only
have practical security implications for some types of application. Nonetheless,
the fact that any attack was found at all might be a cause for concern, particularly
if the attack technique has the potential to be improved.
Thus caution should be applied before reacting to claims that a particular
cryptographic algorithmhas been broken. It is important to recognise that without
context and detail, such a claim on its own has very little meaning. More detailed
information should always be sought and, if necessary, expert opinion should be
obtained.
In this chapter we motivated the need for cryptography and discussed issues
concerning its use. In particular, we introduced the basic model of a cryptosystem,
as well as important terminology. There are a number of lessons that have emerged:
• The need to secure information is not a new concept, but the environment
within which information needs to be secured has changed significantly.
• Cryptography provides the technical means to replicate some of the fundamen-
tal security requirements of the physical world in an electronic environment.
• Cryptography can offer strong protection, but only against certain specific
threats. It is just as important to be aware of the security threats that
cryptography does not protect against, as to be aware of those threats that
it does address.
• There are twodifferent types of cryptosystem, symmetric andpublic-key. These
have significantly different properties and each type of cryptosystem has its
own inherent advantages and disadvantages, which we will discuss in later
chapters. Symmetric and public-key cryptosystems are often combined in real
systems.
• In order to assess the security offered by a cryptosystem, it is important to
establish clear assumptions about what an attacker can do, andwhat resources
they might make available to attack the cryptosystem.
Cryptography provides fundamental mechanisms for supporting information secu-
rity. A reader wishing to explore information security in more detail has plenty of
options. A good starting place is Schneier [170], which provides a very accessible
overview of different computer security problems and, in particular, places the role
