Graphics Programs Reference
In-Depth Information
encryption, credit card transactions at popular websites would be either
very inconvenient or insecure.
All of this private data is protected by cryptographic algorithms that are
probably secure. Currently, cryptosystems that can be proven to be secure
are far too unwieldy for practical use. So in lieu of a mathematical proof of
security, cryptosystems that are
practically secure
are used. This means that it's
possible that shortcuts for defeating these ciphers exist, but no one's been
able to actualize them yet. Of course, there are also cryptosystems that aren't
secure at all. This could be due to the implementation, key size, or simply
cryptanalytic weaknesses in the cipher itself. In 1997, under US law, the
maximum allowable key size for encryption in exported software was 40 bits.
This limit on key size makes the corresponding cipher insecure, as was shown
by RSA Data Security and Ian Goldberg, a graduate student from the Uni-
versity of California, Berkeley. RSA posted a challenge to decipher a message
encrypted with a 40-bit key, and three and a half hours later, Ian had done
just that. This was strong evidence that 40-bit keys aren't large enough for a
secure cryptosystem.
Cryptology is relevant to hacking in a number of ways. At the purest
level, the challenge of solving a puzzle is enticing to the curious. At a more
nefarious level, the secret data protected by that puzzle is perhaps even more
alluring. Breaking or circumventing the cryptographic protections of secret
data can provide a certain sense of satisfaction, not to mention a sense of
the protected data's contents. In addition, strong cryptography is useful in
avoiding detection. Expensive network intrusion detection systems designed
to sniff network traffic for attack signatures are useless if the attacker is using
an encrypted communication channel. Often, the encrypted Web access
provided for customer security is used by attackers as a difficult-to-monitor
attack vector.
0x710
Information Theory
Many of the concepts of cryptographic security stem from the mind of
Claude Shannon. His ideas have influenced the field of cryptography greatly,
especially the concepts of
diffusion
and
confusion
. Although the following
concepts of unconditional security, one-time pads, quantum key distribution,
and computational security weren't actually conceived by Shannon, his ideas
on perfect secrecy and information theory had great influence on the
definitions of security.
0x711
Unconditional Security
A cryptographic system is considered to be unconditionally secure if it
cannot be broken, even with infinite computational resources. This implies
that cryptanalysis is impossible and that even if every possible key were tried
in an exhaustive brute-force attack, it would be impossible to determine
which key was the correct one.
