Cryptographer's Panel: Founding fathers still eager for new advances

By Dennis Fisher, Executive Editor, SearchSecurity.com 06 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

RSA Conference 2007 Can't make it to the show? SearchSecurity.com staff members are on the RSA floor, on hand to deliver the latest RSA Conference 2007 news and updates.

"The field of theoretical cryptography has blossomed in a way that I didn't anticipate in the early days," said Ron Rivest, a professor of electrical engineering and computer science at MIT and, along with Shamir and Len Adelman, one of the inventors of the RSA public-key cryptosystem. "It's related to so many other fields, information theory and others. It's much broader and richer than I imagined it would be."

In April 1977, Rivest, Shamir and Adelman published a paper called "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," (.pdf) which described a practical method for encrypting a message using a publicly shared key.

The paper picked up on the work done a year earlier by Diffie and Hellman, who had invented the concept of public-key cryptography. Until then, no one had been able to work out a practical way to transmit a decryption key to the recipient of a message. Diffie and Hellman's innovation was brilliant in its simplicity: encode the message with a shared public key and decrypt it with a private key.

The RSA paper was the beginning of digital encryption and eventually led to its wide use on the Web and in commercial software. But Hellman, an former engineering and math professor at Stanford University, said he was surprised that cryptography hadn't advanced more in the last 30 years.

"I thought there would be provably secure systems, and 30 years later, we don't have them," he said. "I thought there would be more cryptosystems as well."

But even as they noted the lack of progress in some areas, the panelists emphasized that cryptanalysis has advanced greatly and Shamir said that he expects some significant progress in the coming year on a couple of fronts. He mentioned that there are a number of serious attempts to implement an attack on the SHA-1 hash algorithm.

"I think we'll see success on that in the next few months," Shamir said. He also pointed out that cryptosystems' unfortunate tendency to fail badly when any small change is made to them, makes them somewhat difficult to implement and work with.

"The main problem with cryptography is that it's highly discontinuous. If you have a

cryptosystem and make any slight change, it can lead to devastating attacks," Shamir said. "We didn't think enough at the time about how to recover from these attacks."

Diffie, CSO at Sun Microsystems and a Sun fellow, said the initial zeal that he and the other pioneers of digital cryptography had led to a mistaken belief that their discoveries would make data completely secure.

"I think cryptography will always just be one of the pieces," Diffie said. "The worst you can say is that public-key cryptography has been a great success."

<< Return to our special coverage of RSA Conference 2007

Tags: Disk Encryption and File Encryption,  Security Industry Market Trends, Predictions and Forecasts,  Security Awareness Training and Internal Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Disk Encryption and File Encryption Database monitoring, encryption vital in tight economy, Forrester says Sophos integrates encryption into endpoint security Cryptography for the rest of us Encryption in data management should never be ignored, expert says The difference between AES encryption and DES encryption Security budget issues to resonate at RSA Conference Portable security storage device could replace OTP devices Mass. officials explain new data protection regulations A simple substitution cipher vs. one-time pad software Are encrypted, self-deleting USB storage drives worth the investment? Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research Security Awareness Training and Internal Threats Twitter risks, Facebook threats trouble security pros Social engineering training could disrupt botnet growth How to write a risk methodology that blends business, security needs Risk management must include physical-logical security convergence Tabletop exercises sharpen security and business continuity Security policies need simplifying, expert says Microsoft IE 8 security only benefits educated users Security book chapter: The Truth About Identity Theft How to integrate the security of both physical and virtual machines Laid off workers likely to steal company data, survey warns

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Advanced Encryption Standard  (SearchSecurity.com) data key  (SearchSecurity.com) Encrypting File System  (SearchSecurity.com) Escrowed Encryption Standard  (SearchSecurity.com) International Data Encryption Algorithm  (SearchSecurity.com) network encryption  (SearchSecurity.com) output feedback  (SearchSecurity.com) quantum cryptography  (SearchSecurity.com) Quiz: Cryptography  (SearchSecurity.com) Rijndael  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary