In Depth

Cyber Security, the Nuclear Threat and You: Cassandra's Guide to the 21st Century

Richard Power interviews Martin Hellman and mulls nuclear risk

By Richard Power

Page 5

Now Hellman hopes he has a third "fool's home run" in him; he says his nuclear risk analysis project has "the same feeling" as the others.

Here are some more highlights from our conversation.

Power: Let's start in the space of cyber security. What would you like to say about the role of cryptography and encryption in cyber security? Looking back over the last 15 years, what has it done for us? What has it not done for us? What are the lessons learned?

Hellman: "When Whit Diffie and I published New Directions in Cryptography in 1976 (I always talk in terms of Whit Diffie and me, because we were working together. Ralph Merkle was also working, independently, at Berkeley, and he was involved integrally in terms of public key cryptography), we thought that widespread use of encryption was five years, or at the most, ten years away. It turns out we were wrong by a factor of 2 to 3 (or maybe 4). Visionaries see the future better than the average person, but we were too optimistic. ... We have been somewhat concerned with the limited gene-pool in public key cryptography. When we developed public key cryptography, we thought there would be a wide range of choices for public key crypto systems, just as there is a wide range of choices for conventional crypto. When they did the Advanced Encryption Standard (AES) call for algorithms, they got about 15 algorithms, and they could have had more; whereas, in public key cryptography, we had the Diffie-Hellman key exchange, and the El Gamal signatures and the RSA public key crypto system. ... That is a very limited DNA. In the progress of cryptanalysis, i.e., what we knew in 1976 versus what we knew in 1980 versus what we knew in 1990, there have been major advances made; none of which have actually broken these systems, but which have pushed the required key sizes upward. When I was giving lectures on this in the late 1970s, I would put up a slide and propose that the key size for RSA, if you wanted to be conservative, should have been at least two thousand bits. And I pointed out that if you factored in one more advance you might need as much as ten thousand bits. Now, with the advances we have seen, one more could push us up beyond ten thousand bits. So elliptic curve needs to be looked at, but even with elliptic curve it is a more limited gene pool than we would like. It is potentially vulnerable."
