Cryptographic design vulnerabilities

Cryptographic design vulnerabilities

Strong cryptography is very powerful when it is done right, but it is not a panacea. Focusing on cryptographic algorithms while ignoring other aspects of security is like defending your house not by building a fence around it, but by putting an immense stake in the ground and hoping that your advers...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computer (Long Beach, Calif.) Calif.), 1998-09, Vol.31 (9), p.29-33
1. Verfasser: Schneier, B.
Format: Artikel
Sprache:eng
Schlagworte:
Algorithm design and analysis
Buildings
Communication system security
Cryptographic protocols
Cryptography
Cybersecurity
Data encryption
Multiaccess communication
Pins
Power system security
Product design
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 33
container_issue 9
container_start_page 29
container_title Computer (Long Beach, Calif.)
container_volume 31
creator Schneier, B.
description Strong cryptography is very powerful when it is done right, but it is not a panacea. Focusing on cryptographic algorithms while ignoring other aspects of security is like defending your house not by building a fence around it, but by putting an immense stake in the ground and hoping that your adversary runs right into it. Counterpane Systems has spent years designing, analyzing, and breaking cryptographic systems. While they do research on published algorithms and protocols, most of their work examines actual products. They've designed and analyzed systems that protect privacy, ensure confidentiality, provide fairness, and facilitate commerce. They've worked with software, stand-alone hardware, and everything in between. They've broken their share of algorithms, but they can almost always find attacks that bypass the algorithms altogether. Counterpane Systems don't have to try every possible key or even find flaws in the algorithms. They exploit errors in design, errors in implementation, and errors in installation. Sometimes they invent a new trick to break a system, but most of the time they exploit the same old mistakes that designers make over and over again. The article conveys some of the lessons this company has learned.
doi_str_mv 10.1109/2.708447
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_crossref_primary_10_1109_2_708447</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>708447</ieee_id><sourcerecordid>36016809</sourcerecordid><originalsourceid>FETCH-LOGICAL-c387t-c00ab96e150dc55b65632dac8b359622549a99c34ad90caf320c50953ffdac883</originalsourceid><addsrcrecordid>eNqF0E1LxDAQBuAgCq6r4NnTIiJeuk6-k6MUv2DBi55DmqZrlm5bk1bYf2-XLh68eBqGeRh4X4QuMSwxBn1PlhIUY_IIzTDnKgOF2TGaAWCVaSzIKTpLaTOuTHE6Qzd53HV9u462-wxuUfoU1s3ie6gbH20R6tAHn87RSWXr5C8Oc44-nh7f85ds9fb8mj-sMkeV7DMHYAstPOZQOs4LwQUlpXWqoFwLQjjTVmtHmS01OFtRAo6D5rSq9krRObqd_nax_Rp86s02JOfr2ja-HZIhSmJGOPwP5ZhOgRjh9R-4aYfYjCEM1pIRpoGN6G5CLrYpRV-ZLoatjTuDwexLNcRMpY70aqLBe__LDscfhQNvfQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>197424904</pqid></control><display><type>article</type><title>Cryptographic design vulnerabilities</title><source>IEEE Electronic Library (IEL)</source><creator>Schneier, B.</creator><creatorcontrib>Schneier, B.</creatorcontrib><description>Strong cryptography is very powerful when it is done right, but it is not a panacea. Focusing on cryptographic algorithms while ignoring other aspects of security is like defending your house not by building a fence around it, but by putting an immense stake in the ground and hoping that your adversary runs right into it. Counterpane Systems has spent years designing, analyzing, and breaking cryptographic systems. While they do research on published algorithms and protocols, most of their work examines actual products. They've designed and analyzed systems that protect privacy, ensure confidentiality, provide fairness, and facilitate commerce. They've worked with software, stand-alone hardware, and everything in between. They've broken their share of algorithms, but they can almost always find attacks that bypass the algorithms altogether. Counterpane Systems don't have to try every possible key or even find flaws in the algorithms. They exploit errors in design, errors in implementation, and errors in installation. Sometimes they invent a new trick to break a system, but most of the time they exploit the same old mistakes that designers make over and over again. The article conveys some of the lessons this company has learned.</description><identifier>ISSN: 0018-9162</identifier><identifier>EISSN: 1558-0814</identifier><identifier>DOI: 10.1109/2.708447</identifier><identifier>CODEN: CPTRB4</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Algorithm design and analysis ; Buildings ; Communication system security ; Cryptographic protocols ; Cryptography ; Cybersecurity ; Data encryption ; Multiaccess communication ; Pins ; Power system security ; Product design</subject><ispartof>Computer (Long Beach, Calif.), 1998-09, Vol.31 (9), p.29-33</ispartof><rights>Copyright Institute of Electrical and Electronics Engineers, Inc. (IEEE) Sep 1998</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c387t-c00ab96e150dc55b65632dac8b359622549a99c34ad90caf320c50953ffdac883</citedby><cites>FETCH-LOGICAL-c387t-c00ab96e150dc55b65632dac8b359622549a99c34ad90caf320c50953ffdac883</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/708447$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/708447$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Schneier, B.</creatorcontrib><title>Cryptographic design vulnerabilities</title><title>Computer (Long Beach, Calif.)</title><addtitle>MC</addtitle><description>Strong cryptography is very powerful when it is done right, but it is not a panacea. Focusing on cryptographic algorithms while ignoring other aspects of security is like defending your house not by building a fence around it, but by putting an immense stake in the ground and hoping that your adversary runs right into it. Counterpane Systems has spent years designing, analyzing, and breaking cryptographic systems. While they do research on published algorithms and protocols, most of their work examines actual products. They've designed and analyzed systems that protect privacy, ensure confidentiality, provide fairness, and facilitate commerce. They've worked with software, stand-alone hardware, and everything in between. They've broken their share of algorithms, but they can almost always find attacks that bypass the algorithms altogether. Counterpane Systems don't have to try every possible key or even find flaws in the algorithms. They exploit errors in design, errors in implementation, and errors in installation. Sometimes they invent a new trick to break a system, but most of the time they exploit the same old mistakes that designers make over and over again. The article conveys some of the lessons this company has learned.</description><subject>Algorithm design and analysis</subject><subject>Buildings</subject><subject>Communication system security</subject><subject>Cryptographic protocols</subject><subject>Cryptography</subject><subject>Cybersecurity</subject><subject>Data encryption</subject><subject>Multiaccess communication</subject><subject>Pins</subject><subject>Power system security</subject><subject>Product design</subject><issn>0018-9162</issn><issn>1558-0814</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>1998</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNqF0E1LxDAQBuAgCq6r4NnTIiJeuk6-k6MUv2DBi55DmqZrlm5bk1bYf2-XLh68eBqGeRh4X4QuMSwxBn1PlhIUY_IIzTDnKgOF2TGaAWCVaSzIKTpLaTOuTHE6Qzd53HV9u462-wxuUfoU1s3ie6gbH20R6tAHn87RSWXr5C8Oc44-nh7f85ds9fb8mj-sMkeV7DMHYAstPOZQOs4LwQUlpXWqoFwLQjjTVmtHmS01OFtRAo6D5rSq9krRObqd_nax_Rp86s02JOfr2ja-HZIhSmJGOPwP5ZhOgRjh9R-4aYfYjCEM1pIRpoGN6G5CLrYpRV-ZLoatjTuDwexLNcRMpY70aqLBe__LDscfhQNvfQ</recordid><startdate>19980901</startdate><enddate>19980901</enddate><creator>Schneier, B.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>19980901</creationdate><title>Cryptographic design vulnerabilities</title><author>Schneier, B.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c387t-c00ab96e150dc55b65632dac8b359622549a99c34ad90caf320c50953ffdac883</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>1998</creationdate><topic>Algorithm design and analysis</topic><topic>Buildings</topic><topic>Communication system security</topic><topic>Cryptographic protocols</topic><topic>Cryptography</topic><topic>Cybersecurity</topic><topic>Data encryption</topic><topic>Multiaccess communication</topic><topic>Pins</topic><topic>Power system security</topic><topic>Product design</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Schneier, B.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computer (Long Beach, Calif.)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Schneier, B.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Cryptographic design vulnerabilities</atitle><jtitle>Computer (Long Beach, Calif.)</jtitle><stitle>MC</stitle><date>1998-09-01</date><risdate>1998</risdate><volume>31</volume><issue>9</issue><spage>29</spage><epage>33</epage><pages>29-33</pages><issn>0018-9162</issn><eissn>1558-0814</eissn><coden>CPTRB4</coden><abstract>Strong cryptography is very powerful when it is done right, but it is not a panacea. Focusing on cryptographic algorithms while ignoring other aspects of security is like defending your house not by building a fence around it, but by putting an immense stake in the ground and hoping that your adversary runs right into it. Counterpane Systems has spent years designing, analyzing, and breaking cryptographic systems. While they do research on published algorithms and protocols, most of their work examines actual products. They've designed and analyzed systems that protect privacy, ensure confidentiality, provide fairness, and facilitate commerce. They've worked with software, stand-alone hardware, and everything in between. They've broken their share of algorithms, but they can almost always find attacks that bypass the algorithms altogether. Counterpane Systems don't have to try every possible key or even find flaws in the algorithms. They exploit errors in design, errors in implementation, and errors in installation. Sometimes they invent a new trick to break a system, but most of the time they exploit the same old mistakes that designers make over and over again. The article conveys some of the lessons this company has learned.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/2.708447</doi><tpages>5</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 0018-9162
ispartof Computer (Long Beach, Calif.), 1998-09, Vol.31 (9), p.29-33
issn 0018-9162
1558-0814
language eng
recordid cdi_crossref_primary_10_1109_2_708447
source IEEE Electronic Library (IEL)
subjects Algorithm design and analysis
Buildings
Communication system security
Cryptographic protocols
Cryptography
Cybersecurity
Data encryption
Multiaccess communication
Pins
Power system security
Product design
title Cryptographic design vulnerabilities
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-30T15%3A30%3A56IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Cryptographic%20design%20vulnerabilities&rft.jtitle=Computer%20(Long%20Beach,%20Calif.)&rft.au=Schneier,%20B.&rft.date=1998-09-01&rft.volume=31&rft.issue=9&rft.spage=29&rft.epage=33&rft.pages=29-33&rft.issn=0018-9162&rft.eissn=1558-0814&rft.coden=CPTRB4&rft_id=info:doi/10.1109/2.708447&rft_dat=%3Cproquest_RIE%3E36016809%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=197424904&rft_id=info:pmid/&rft_ieee_id=708447&rfr_iscdi=true