#header-inner {background-position: right !important; width: 100% !important;}

11/9/13

Cryptography as part of Secure System.

Usually computer system is not lacking in this department.

Compared to Bank Vaults with large steel doors and strong locks (locks can be compared to cryptography), computer systems seem to be tents with large door and strong locks. People love to argue about the exact key length of cryptographic systems, but fixing 'buffer overflow' in Web servers is much less fun. The result is predictable, the attackers find a 'buffer overflow' and never bother attacking cryptography.

There is, however one reason why cryptography is important to get right, even in systems that have other weaknesses. An attacker who breaks cryptography has a low chance of being detected.

It's like comparing it to real-life break in. If the burglar uses a crowbar to break in, you will at least see that a break-in has occured. If the burglar picks the lock, you might never find out that a burglary occured.

Many modes of attack leave traces, or disturb system in some way. An attack on the cryptography can be fleeting and invisible, allowing the attacker to come back again and again.

No comments:

Post a Comment