has admitted that most security failures in its area of interest are due to failures in implementation, and not failures in algorithms or protocols. In these instances it didn’t matter how good the cryptography was; the successful attacks bypassed it completely.

10.1 Choosing an Algorithm

When it comes to evaluating and choosing algorithms, people have several alternatives:

— They can choose a published algorithm, based on the belief that a published algorithm has been scrutinized by many cryptographers; if no one has broken the algorithm yet, then it must be pretty good.
— They can trust a manufacturer, based on the belief that a well-known manufacturer has a reputation to uphold and is unlikely to risk that reputation by selling equipment or programs with inferior algorithms.
— They can trust a private consultant, based on the belief that an impartial consultant is best equipped to make a reliable evaluation of different algorithms.
— They can trust the government, based on the belief that the government is trustworthy and wouldn’t steer its citizens wrong.
— They can write their own algorithms, based on the belief that their cryptographic ability is second-to-none and that they should trust nobody but themselves.

Any of these alternatives is problematic, but the first seems to be the most sensible. Putting your trust in a single manufacturer, consultant, or government is asking for trouble. Most people who call themselves security consultants (even those from big-name firms) usually don’t know anything about encryption. Most security product manufacturers are no better. The NSA has some of the world’s best cryptographers working for it, but they’re not telling all they know. They have their own interests to further which are not congruent with those of their citizens. And even if you’re a genius, writing your own algorithm and then using it without any peer review is just plain foolish.

The algorithms in this book are public. Most have appeared in the open literature and many have been cryptanalyzed by experts in the field. I list all published...
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.