Cryptography Reference
In-Depth Information
special one. The potential risks from bad cryptology are higher than the risks
from poorly secured material assets.
•
Communication intruders don't usually leave traces, and data theft can
often not even be proved.
•
Cracked algorithms have retroactive consequences: encrypted messages
intercepted at an earlier date can perhaps be decrypted and used later on
when technology marches on.
•
With too strong a proliferation of one single weak encryption algorithm,
or a program using it, there is a risk of massive compromise with unpre-
dictable consequences. Suppose 70 % of digital signatures were created
using the program of one single commercial vendor (which expressly
excludes PGP), and the asymmetric method used would be RSA.
None of the users would presume that the program doesn't use real ran-
domness when generating RSA keys; instead, it uses prime numbers from
a set consisting of a few million elements. When deemed necessary, a
government agency could quickly factor these keys, collect global infor-
mation, and pay considerable amounts of money to the dishonest vendor
for his kindness.
In general, the current information security landscape looks rather gloomy,
mainly in the private area. Apart from the totally insufficient security of the
widely used Windows systems and a large quantity of PC software, security
doesn't rank high in firms either, because it is (still) too expensive and doesn't
increase operational profits. Denying vulnerabilities (I like to recall the overly
used claim of '100 % reliable technology') is cheaper. All it takes is to keep
secret the innards of an operating system and application software as well
as the encryption algorithms used, and hope that hackers won't find these
vulnerabilities. By the time they do, one would long have the next release
ready, which would naturally be
much
better and
more
secure, though not
totally for free.
No Reason to Panic
Nevertheless, there is actually no reason to be downcast; on the contrary, there
is a lot to do. Cryptology gives us the tools that can make our world more
secure. We have learned several interesting approaches in this topic to dispel
the concerns expressed above.
