[ISN] Cryptography at the core of sound IT security

From: InfoSec News (isnat_private)
Date: Mon Jun 09 2003 - 22:22:02 PDT

    http://www.computerworld.com/securitytopics/security/story/0,10801,81955,00.html
    
    By Chris Conrath
    ITWorldCanada.com
    JUNE 09, 2003
    
    TORONTO - Whitfield Diffie, chief security officer at Sun Microsystems
    Inc., likes to dole out his first tenet of IT security -- one no one
    should forget.
    
    "Whenever you have a secret, you have a vulnerability."
    
    The tenet, given during the keynote at the Infosecurity Canada
    conference in Toronto last week, points to one of cryptography's --
    and IT security's, for that matter -- basic pillars: if you have
    something you want to control, you have a problem.
    
    Diffie, who is best known for his discovery of public key cryptography
    more than a quarter century ago, spoke via satellite to a packed room
    of IT experts, all of whom are trying to come to grips with their
    growing difficulties controlling corporate information.
    
    "The problem has diversified out around the solutions," he said,
    noting that increased use of cell phones, pagers and mobile computing
    devices has made an already difficult situation worse. Regardless,
    there is too much business value passing through these devices for the
    security issues to be ignored, he added.
    
    Part of the larger problem is that there is no one effective way to
    channel cryptographic needs since there are so many different
    protocols, he said.
    
    Diffie traced the entire security issue back to the origins of
    cryptography hundreds of years ago, but he keyed in on radio as the
    first example of a new technology that made the dissemination of
    information easy but the control proportionally more difficult.
    
    It was a great way to communicate but everyone else had access to your
    data, he explained.
    
    Diffie asserted that companies will have to get a lot better at
    protecting their proprietary data if they don't want to find
    themselves in the position of the dress designer who hands a pattern
    to a dress maker only to find knock-off copies being produced days
    later.
    
    The solution may lie in the use of the new advanced encryption
    standard (AES) Rijndael, Diffie offered, "if AES is as strong as it
    appears."
    
    "Assuming we are correct and the system is sound," we are looking at
    tens of thousands of years before it could be cracked, he explained.
    
    This assertion seems open for debate. In a Bruce Schneier CryptoGram
    newsletter late last year, Schneier brought up the possibility that
    AES could be cracked by techniques faster than brute force. However,
    even Schneier -- himself a world-renowned cryptographer -- said there is
    no need to panic, as the discussion around AES' vulnerability is
    entirely theoretical.
    
    Diffie added that even with the advent of quantum computing in the
    near future, AES "traffic is not going to be read in the foreseeable
    future."
    
    
    