LRQA Nettitude Blog

Cryptography Has Been "Broken"...Or Has It?

Posted by Matthew Gough on Sep 29, 2011

A new year has started, and why change good habits - or maybe this is a New Year's resolution? I'm just back from the second New York Metro ISSA Chapter meeting of 2012. Here is my quick wrap-up.

With a strong line-up, the meeting was geared up to discuss the not-so-interesting topic of cryptography, as well as the challenges of PKI deployment. With many research papers appearing that claim to have "broken" various hashing and encryption ciphers, the first speaker, John Callas from Entrust, put this into perspective.

Currently one of the finalists in NIST's SHA-3 competition, John used his 45-minute slot to give a top-level view of threats to cryptography, including quantum computing. John reassured the audience that the current suite of encryption ciphers is pretty solid, despite the recent weakness found in the popular AES cipher, where a biclique attack was found to recover keys 2 bits faster than traditional brute-force attacks (http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf). In cryptography, "broken" describes the result of any attack that is faster than brute force. The biclique technique described allows attackers to recover keys up to five times faster than brute force. AES may not be completely broken, but it's broken nonetheless.

With weaknesses starting to appear, what can we do to protect ourselves? Encryption should be looked on as another layer of security. We all know defence in depth is a staple of any good secure system design, and we must not lose sight of the fact that anything that has been encrypted can be decrypted, so key management is really where attention to detail is crucial.

For those of you who are unaware, the Information Systems Security Association (ISSA)® is a "not-for-profit, international organisation of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members."

This is my first experience of the ISSA New York metro chapter and of the ISSA, having only joined the ISSA in November 2011. I can honestly say this is one of the most informative events I have found in New York and look forward to the next event.
