The hourly change of the server keys in the Secure Shell (SSH1, Section 7.3)
limits the retroactive damage caused by somebody breaking into a computer.
The Web of Trust of PGP almost prevents even intelligence agencies from
compromising large parts of email connections. The decisive property of
this network is that even a clever attacker would initially compromise
only small parts of the network, and this would be discovered. Even better,
'insecure customers' can be 'circumvented'. I guess power-securing
works that way. Unfortunately, this beautiful concept plays almost no
role in practice, as we saw in Section 7.2.3, but the Internet is based
on the same philosophy and has successfully resisted all attacks to date.
Perhaps this kind of error tolerance should be planned into security more
often than it is?
The timestamp time series from Section 6.6.1 is another example of a
mutual protection that can hardly be broken.
Supporting several encryption algorithms, as SSH does, reduces the risks
of blindly using cryptography. Clean interfaces to the algorithms
improve the situation further: suspicious users can embed their own
algorithms, or compare the outputs of the methods implemented with those
of reference implementations. Moreover, it is not a technical problem (rather
a cost issue) to use modified or stronger algorithms from other vendors,
or to combine them with the algorithms built in. Problems can arise with
ciphering hardware.
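The following is an added example, not code from the book, showing what a 'clean interface' with checks against reference implementations can look like in practice. Implementations are registered behind one callable interface, each is first run against published known-answer vectors (FIPS 180-4 examples for SHA-256, RFC 4231 test case 2 for HMAC-SHA-256), and then cross-checked against a second implementation on random inputs. The `vendor_sha256` function is a constructed, deliberately wrong implementation used only to show that the checks reject it; `hmac_from_hash` shows how a user-supplied hash can be combined with the built-in HMAC construction.

```python
"""Known-answer and differential tests for pluggable algorithm implementations.

Added example, not from the book. Each algorithm sits behind one interface,
is checked against published reference vectors, and is then cross-checked
against a second implementation on random inputs before it is trusted.
"""
import hashlib
import hmac
import random
from typing import Callable, Dict, List, Tuple

HashFn = Callable[[bytes], bytes]          # message -> digest
MacFn = Callable[[bytes, bytes], bytes]    # (key, message) -> tag

# Published reference vectors, hex-encoded: FIPS 180-4 examples for SHA-256
# and RFC 4231 test case 2 for HMAC-SHA-256.
SHA256_KAT: List[Tuple[bytes, str]] = [
    (b"", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (b"abc", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
]
HMAC_SHA256_KAT: List[Tuple[bytes, bytes, str]] = [
    (b"Jefe", b"what do ya want for nothing?",
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
]


def builtin_sha256(msg: bytes) -> bytes:
    """Reference implementation: the platform's own SHA-256."""
    return hashlib.sha256(msg).digest()


def vendor_sha256(msg: bytes) -> bytes:
    """Hypothetical 'vendor' implementation, constructed for this example.
    It appends a zero byte before hashing, so it is not real SHA-256."""
    return hashlib.sha256(msg + b"\x00").digest()


def builtin_hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """Reference MAC: the platform's HMAC-SHA-256."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def hmac_from_hash(h: HashFn, block_size: int = 64) -> MacFn:
    """Build HMAC (RFC 2104) on top of any hash behind the HashFn interface,
    so a user-supplied hash can be combined with the built-in MAC construction."""
    def mac(key: bytes, msg: bytes) -> bytes:
        if len(key) > block_size:
            key = h(key)
        key = key.ljust(block_size, b"\x00")
        ipad = bytes(b ^ 0x36 for b in key)
        opad = bytes(b ^ 0x5C for b in key)
        return h(opad + h(ipad + msg))
    return mac


def kat_hash(fn: HashFn, vectors=SHA256_KAT) -> bool:
    """Known-answer test: every reference vector must be reproduced exactly."""
    return all(hmac.compare_digest(fn(m).hex(), want) for m, want in vectors)


def kat_mac(fn: MacFn, vectors=HMAC_SHA256_KAT) -> bool:
    """Known-answer test for a MAC implementation."""
    return all(hmac.compare_digest(fn(k, m).hex(), want) for k, m, want in vectors)


def differential_test(a: HashFn, b: HashFn, trials: int = 200, seed: int = 7) -> bool:
    """Cross-check two implementations on random inputs, deliberately including
    lengths around the 64-byte block boundary where padding bugs tend to hide."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    for _ in range(trials):
        n = rng.choice([0, 1, 55, 56, 63, 64, 65, rng.randrange(0, 300)])
        msg = bytes(rng.randrange(256) for _ in range(n))
        if a(msg) != b(msg):
            return False
    return True


def vet_hash_implementations(candidates: Dict[str, HashFn]) -> Dict[str, bool]:
    """Report which candidates pass both the KAT and a differential test
    against the reference; only passing ones should be enabled for use."""
    return {name: kat_hash(fn) and differential_test(fn, builtin_sha256)
            for name, fn in candidates.items()}


if __name__ == "__main__":
    print(vet_hash_implementations({"builtin": builtin_sha256, "vendor": vendor_sha256}))
    print("HMAC over builtin hash passes KAT:", kat_mac(hmac_from_hash(builtin_sha256)))
```

The known-answer test catches an implementation that is wrong on the published vectors; the differential test catches one that agrees on those few inputs but diverges elsewhere. Running both before an algorithm is enabled is the cheap, practical form of the comparison against reference implementations that the paragraph recommends.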
My ideal is that cryptologists would find a 'component kit' of algorithms,
where any combination of its parts produces a method roughly equally
secure and, on the other hand, one could plausibly show that no uniform
cryptanalysis of all of these methods would be possible.
Fail-stop signatures offer at least a possibility to discover fraud, probably
even to prevent it.
Variable, combined biometric methods and two-factor authentications
close dangerous security holes, which are caused solely by using weak
passwords or many PINs.
In our buying decisions, in negotiations with vendors, and in product reviews,
we will all be able to contribute to convincing software vendors to disclose the
security-critical details of their programs provably as a matter taken for granted
one day. This is currently utopia, but a quarter of a century ago when IBM