Cryptographer's Panel: Founding fathers still eager for new advances

By Dennis Fisher, Executive Editor, SearchSecurity.com 06 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

RSA Conference 2007 Can't make it to the show? SearchSecurity.com staff members are on the RSA floor, on hand to deliver the latest RSA Conference 2007 news and updates.

"The field of theoretical cryptography has blossomed in a way that I didn't anticipate in the early days," said Ron Rivest, a professor of electrical engineering and computer science at MIT and, along with Shamir and Len Adelman, one of the inventors of the RSA public-key cryptosystem. "It's related to so many other fields, information theory and others. It's much broader and richer than I imagined it would be."

In April 1977, Rivest, Shamir and Adelman published a paper called "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," (.pdf) which described a practical method for encrypting a message using a publicly shared key.

The paper picked up on the work done a year earlier by Diffie and Hellman, who had invented the concept of public-key cryptography. Until then, no one had been able to work out a practical way to transmit a decryption key to the recipient of a message. Diffie and Hellman's innovation was brilliant in its simplicity: encode the message with a shared public key and decrypt it with a private key.

The RSA paper was the beginning of digital encryption and eventually led to its wide use on the Web and in commercial software. But Hellman, an former engineering and math professor at Stanford University, said he was surprised that cryptography hadn't advanced more in the last 30 years.

"I thought there would be provably secure systems, and 30 years later, we don't have them," he said. "I thought there would be more cryptosystems as well."

But even as they noted the lack of progress in some areas, the panelists emphasized that cryptanalysis has advanced greatly and Shamir said that he expects some significant progress in the coming year on a couple of fronts. He mentioned that there are a number of serious attempts to implement an attack on the SHA-1 hash algorithm.

"I think we'll see success on that in the next few months," Shamir said. He also pointed out that cryptosystems' unfortunate tendency to fail badly when any small change is made to them, makes them somewhat difficult to implement and work with.

"The main problem with cryptography is that it's highly discontinuous. If you have a

cryptosystem and make any slight change, it can lead to devastating attacks," Shamir said. "We didn't think enough at the time about how to recover from these attacks."

Diffie, CSO at Sun Microsystems and a Sun fellow, said the initial zeal that he and the other pioneers of digital cryptography had led to a mistaken belief that their discoveries would make data completely secure.

"I think cryptography will always just be one of the pieces," Diffie said. "The worst you can say is that public-key cryptography has been a great success."

<< Return to our special coverage of RSA Conference 2007

Tags: Disk Encryption and File Encryption,  Security Industry Market Trends, Predictions and Forecasts,  Security Awareness Training and Internal Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Disk Encryption and File Encryption Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Should developers create libraries of common cryptographic algorithms? What is an encryption collision? Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection Voltage, RSA spar over tokenization, data protection Truth, lies and fiction about encryption What are new and commonly used public-key cryptography algorithms? What are the export limitations for AES data encryption? Security Industry Market Trends, Predictions and Forecasts M86 buys Web security gateway vendor Finjan Information Security Decisions 2009: Presentation downloads Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers McAfee survey finds faults in midmarket enterprise security Email archiving vendor sues Gartner over Magic Quadrant Information Security magazine October issue PDF Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry Information Security magazine Security 7 Award winners Security Squad: Privacy gone awry Security Industry Market Trends, Predictions and Forecasts Research Security Awareness Training and Internal Threats Creating a HIPAA employee training program Successful rogue antivirus hinges on social engineering External attacks start with unintentional mistakes, survey finds Security technologies fail to address insider threat management Data breach avoidance begins with security basics, panel says Monitoring program data and internal controls for risk management Software security threats and employee awareness training Twitter risks, Facebook threats trouble security pros Social engineering training could disrupt botnet growth How to write a risk methodology that blends business, security needs

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Advanced Encryption Standard  (SearchSecurity.com) data key  (SearchSecurity.com) Encrypting File System  (SearchSecurity.com) encryption  (SearchSecurity.com) Escrowed Encryption Standard  (SearchSecurity.com) network encryption  (SearchSecurity.com) output feedback  (SearchSecurity.com) Quiz: Cryptography  (SearchSecurity.com) Rijndael  (SearchSecurity.com) Twofish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary