Cryptography Reference
In-Depth Information
the IT department of your company. For important software updates we need your
password”. It is always surprising how many people are naıve enough to actually
give out their passwords in such situations.
This list of attacks against cryptographic system is certainly not exhaustive. For
instance, buffer overflow attacks or malware can also reveal secret keys in software
systems. You might think that many of these attacks, especially social engineering
and implementation attacks, are “unfair,” but there is little fairness in real-world
cryptography. If people want to break your IT system, they are already breaking the
rules and are, thus, unfair. The major point to learn here is:
An attacker always looks for the weakest link in your cryptosystem. That
means we have to choose strong algorithms
and
we have to make sure that
social engineering and implementation attacks are not practical.
Even though both implementation attacks and social engineering attacks can be
quite powerful in practice, this topic mainly assumes attacks based on mathematical
cryptanalysis.
Solid cryptosystems should adhere to
Kerckhoffs' Principle
, postulated by Au-
guste Kerckhoffs in 1883:
Definition 1.3.1
Kerckhoffs' Principle
A cryptosystem should be secure even if the attacker (Oscar) knows
all details about the system, with the exception of the secret key. In
particular, the system should be secure when the attacker knows the
encryption and decryption algorithms.
Important Remark:
Kerckhoffs' Principle is counterintuitive! It is extremely tempt-
ing to design a system which appears to be more secure because we keep the details
hidden. This is called
security by obscurity
. However, experience and military his-
tory has shown time and again that such systems are almost always weak, and they
are very often broken easily as soon as the secret design has been reverse-engineered
or leaked out through other means. An example is the Content Scrambling System
(CSS) for DVD content protection, which was broken easily once it was reverse-
engineered. This is why a cryptographic scheme must remain secure even if its de-
scription becomes available to an attacker.
1.3.2 How Many Key Bits Are Enough?
During the 1990s there was much public discussion about the key length of ciphers.
Before we provide some guidelines, there are two crucial aspects to remember:
1. The discussion of key lengths for symmetric crypto algorithms is only relevant
if a brute-force attack is the best known attack. As we saw in Sect. 1.2.2 during
the security analysis of the substitution cipher, if there is an analytical attack that
