Tuesday, October 13, 2009 4:23:00 AM
In these posts I’ll describe some basic principles of cryptography.
With over a decade of cryptography experience I’ll offer information, tips and tricks I’ve learnt over time.
I believe that most cryptographic implementations are flawed because of a simple lack of understanding. I’ll attempt to outline how cryptography works so that people can make systems stronger.
What Is Cryptography?
Cryptography literally means hiding information. Cryptography of data can be likened to the security measures on a building. Some measures, such as guarded doors, prevent intrusion into the building by unauthorised people, which is like firewalls blocking intrusion into a computer network. Some measures ensure that only some people have access to some areas of the building, such as security cards, which is similar to computer login security. Some measures prevent intruders from gaining access to your specific items in a building, such as safes protecting company documents, which is similar to encrypting data.
And just like these similes, if a thief is knowledgeable enough, has the right tools and has enough time, they can get in and get the valuables. There is no security that can be put on a building that will stop someone getting in if they have the time, money and resources. The intention is to make it so difficult and require so much effort that it isn’t worthwhile.
Even if your office building has the very best security measures, a military strike force is likely to make short work of getting your valuables. Therefore all of your security measures are targeted at organisations with fewer resources than governments and armies. So if you want to protect information that is important to national security, a well secured office building isn’t adequate. However, information that is only useful to your competitors is likely to be perfectly safe in the same office.
Unfortunately computers cut through a lot of physical barriers, so the resources required to break into and through computer security are more a matter of time. In the real world the time taken to crack a safe is dependent on the construction of the safe (materials and design), the skill of the safe cracker and the tools the safe cracker has at hand. In cyberspace the time taken to crack an encryption is dependent on the strength of the encryption (type and key), and the processor resources available to crack the encryption. Throw 1,000 safe crackers at a safe and you will probably slow down the safe cracking process. Throw 1,000 computers at an encryption and you will crack the encryption 1,000 times faster.
Once someone has your data, encrypted or otherwise, it is just a matter of time before they can access the data. For this reason the strongest focus of cryptography is on the procedures and processes put in place to block people from getting to the data in the first place. That includes ensuring the communication taking place is between validated and authenticated people and ensuring that the communication is secure. Encryption, although a valuable tool, is always a safety backup.
Copyright 2006 Blog Author