How To

A Field Guide to Spotting Bad Cryptography

It takes an expert to determine whether a cryptographic system is truly secure, but CSOs can learn to spot red flags

By Simson Garfinkel

Page 3

Red Flag #3:

Proprietary Algorithms

Related to the red flag of suspiciously long keys is the red flag of proprietary encryption algorithms. Cryptography research-ers have spent decades developing encryption standards like AES, triple DES and RSA that are considered good enough for the most sensitive information. Generally, there is no reason to consider using anything other than a published standard encryption algorithm.

Experience has shown that secret, proprietary algorithms are rarely as strong as encryption algorithms that have been published and publicly analyzed. A basic tenet of modern cryptography is that the entire security of an encrypted message should rest with the encryption key, not with the encryption algorithm. Thats because its nearly impossible in todays world to keep an algorithm secret: An attacker can always obtain a copy of your program, reverse-engineer it and learn the encryption algorithm thats in use.

Usually algorithms that are purportedly secret can make that claim only because nobody has been suitably motivated to figure out how they work. One of the best examples was the closely guarded DVD encryption algorithm used for preventing consumers from making unauthorized copies of DVDs. This algorithm was widely adopted by the consumer entertainment industry, put into tens of millions of DVD players, and cracked by a high school student.

So why do vendors sometimes develop secret algorithms and try to get customers to buy them? Sometimes it is because the vendor didnt have a handle on its software development process: Perhaps a programmer thought that it would be fun to write a new encryption algorithm rather than use one of the standards. Other times it is because the company is trying to cut costs. Most frequently, though, its because the people who were charged with developing the cryptographic system fundamentally didnt understand cryptography in practice.

Red Flag #4:

Keys That Cant Be Changed

Since the security of an encryption system depends on the key, there should be a way to change a key if it is compromised. Many commercial systems use a small number of fixed and un-changeable encryption keys to protect their data. Once again, the best known of these systems was the DVD encryption system: Although the industry imagined it would simply change the decryption keys for future DVDs if the system was compromised, after the break, the industry discovered that there was no way to upgrade all of those DVD players in the field. Whoops.

Evaluate the Options

With this simple list of red flags you can start evaluating the various charlatans and hucksters who come into your office trying to sell you their cryptography paraphernalia. But be careful: A little knowledge can be dangerous if it is misapplied.

$firstKeyword

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors