SECURITY PITFALLS IN CRYPTOGRAPHY

Short Description
agazine articles like to describe cryptography products in terms of algo- … Strong cryptography is very powerful when it is done right, but it is not a …

Website: www.schneier.com | Filesize: 55kb

Content
SECURITY PITFALLS
IN CRYPTOGRAPHY
by Bruce Schneier
Magazine articles like to describe cryptography products in terms of algorithms
and key length. Algorithms make good sound bites: they can be
explained in a few words and they’re easy to compare with one another. “128-
bit keys mean good security.” “Triple-DES means good security.” “40-bit keys
mean weak security.” “2048-bit RSA is better than 1024-bit RSA.”
But reality isn’t that simple. Longer keys don’t always mean more security.
Compare the cryptographic algorithm to the lock on your front door. Most
door locks have four metal pins, each of which can be in one of ten positions.
A key sets the pins in a particular configuration. If the key aligns them all correctly,
then the lock opens. So there are only 10,000 possible keys, and a burglar
willing to try all 10,000 is guaranteed to break into your house. But an
improved lock with ten pins, making 10 billion possible keys, probably won’t
make your house more secure. Burglars don’t try every possible key (a bruteforce
attack); most aren’t even clever enough to pick the lock (a cryptographic
attack against the algorithm)….