Schneier-whycrypto - With cryptography, what you see isn't...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
WHY CRYPTOGRAPHY IS HARDER THAN IT LOOKS by Bruce Schneier F rom e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today’s information systems. Cryptography helps provide accountability, fairness, accuracy, and confiden- tiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can prove your identity or protect your anonymity. It can keep vandals from altering your Web page and prevent industrial com- petitors from reading your confidential documents. And in the future, as com- merce and communications continue to move to computer networks, cryptography will become more and more vital. But the cryptography now on the market doesn’t provide the level of security it advertises. Most systems are not designed and implemented in concert with cryptographers, but by engineers who thought of cryptography as just anoth- er component. It’s not. You can’t make systems secure by tacking on cryptog- raphy as an afterthought. You have to know what you are doing every step of the way, from conception through installation. Billions of dollars are spent on computer security, and most of it is wasted on insecure products. After all, weak cryptography looks the same on the shelf as strong cryptography. Two e-mail encryption products may have almost the same user interface, yet one is secure while the other permits eavesdropping. A comparison chart may suggest that two programs have similar features, although one has gaping security holes that the other doesn’t. An experienced cryptographer can tell the difference. So can a thief. Present-day computer security is a house of cards; it may stand for now, but it can’t last. Many insecure products have not yet been broken because they are still in their infancy. But when these products are widely used, they will become tempting targets for criminals. The press will publicize the attacks, undermining public confidence in these systems. Ultimately, products will win or lose in the marketplace depending on the strength of their security. With cryptography, what you see isn’t what you get. Subtle flaws can render any security system vulnerable to attack. Counterpane Systems has the expertise you need to make sure your system is as secure as it looks. Copyright © 1997 Counterpane Systems. All rights reserved. COUNTERPANE SYSTEMS
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Counterpane Systems page 2 E very form of commerce ever invented has been subject to fraud, from rigged scales in a farmers’ market to counterfeit currency to phony invoic- es. Electronic commerce schemes will also face fraud, through forgery, misrep- resentation, denial of service, and cheating. In fact, computerization makes the risks even greater, by allowing attacks that are impossible against non-auto- mated systems. A thief can make a living skimming a penny from every Visa cardholder. You can’t walk the streets wearing a mask of someone else’s face, but in the digital world it is easy to impersonate others. Only strong cryptog-
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 8

Schneier-whycrypto - With cryptography, what you see isn't...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online