• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL

Chapter 13. Cryptography > How to Evaluate Cryptography

How to Evaluate Cryptography

The operational security of a system that uses cryptography depends on the security of the cryptographic algorithms in use, the correct design of the cryptographic protocols, and, above all, proper key management.

  • Algorithms

    The design of cryptographic algorithms is very specialized. Don't try this at home. Instead, choose an established and well-understood algorithm that offers the features you need and that is sufficiently strong for your purposes. Because cryptography is still a rapidly developing field, it is prudent to be prepared for unpleasant surprises. When possible, design systems so that the cryptographic algorithms can be replaced with new ones. If you choose an algorithm that can use keys of different lengths, be prepared to use longer keys in the future. Someone may try to sell you a new cryptographic algorithm with claims of better security, better performance, or some other advantage. Using such an algorithm can be dangerous, because you can't really tell how good it is. It may seem boring to use algorithms that are well known and well understood, but it is certainly safer.

  • Modes

    Many cryptographic algorithms are block-oriented, meaning that they process the plaintext in blocks that usually range in size from 64 bits to 256 bits. When the message is longer than a single block, the algorithm runs as many times as needed to encrypt the entire message. The mode of an algorithm determines how the processing of one block affects the processing of other blocks. There are several ways to do this, and they are very subtle. Use of the wrong mode can render the entire system subject to easy attack.

  • Protocols

    The design of cryptographic protocols is perhaps more accessible than the design of algorithms, but even the simplest-appearing protocols are fraught with an amazing number of subtle bugs. Don't try this at home either. Whenever possible, use established protocols (and when it is not possible, try harder to find one that works). As with algorithms, the use of modular components allows you to introduce new protocols from time to time. This is especially useful if weaknesses are discovered in an older protocol, which sometimes occurs.

  • Key management

    Key management is the most difficult part of cryptography, and it is also the least discussed. Don't even consider trying to design it yourself, except that you may have to if the systems and components you want to buy don't do it. Key management includes the generation, distribution, storage, and updating of keys. Because modern cryptographic algorithms and protocols are very strong, key-management systems are a tempting target for attackers. When evaluating a system for secure communications, it is important to ask hard questions about the workings of the built-in mechanisms for key generation, storage, and distribution. Sometimes, however, these functions are left to the user of the system, and there is no choice but to design and implement them yourself.



Not a subscriber?

Start A Free Trial

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint