Understanding the priorities in cryptography

In recent news on Quantum cryptography, a company is pushing Quantum cryptography into the mainstream. Without judging the particular company, Cavium, or the merit of their products, I will say that people in general have huge misconceptions about cryptography and they need to be aware of them when theyevaluate security products.

Cryptography is a war with two fronts, authentication and encryption. Break one and the other is moot no matter how strong it is. You can think of authentication as the key and encryption as the lock and door. If an adversary gains possession of your key or worse, a copy of it, they could care less if your door is made out of 6-foot thick kevlar and steel because they will simply open the door as you would with your key. Because most people (even security products) correlate cryptography and security with just encryption, they usually put little or no effort on authentication. Encryption in its current state is probably the least of our worries, yet it is given the most attention.

If you take the original DES (Data Encryption Standard) algorithm, which is nearly 30 years old, it is a testament to IBM and the NSA that there are still no practical cryptanalysis techniques to break DES. The fact that DES can be brute-forced is irrelevant because the short key length of 56 bits can easily be tripled using 3DES, which makes 2 to the 112 times more combinations to have to brute-force. The official heir to 3DES is AES, which has key lengths between 128 bits to 256 bits and was fully vetted by the security community during a five-year standards process. This pretty much rules out any kind of brute force attack for the foreseeable future, and it is very unlikely that someone will find any cryptanalytic weaknesses in AES any time soon. Most VPN or encryption products rely on 3DES and AES and they currently have absolutely no need to change their encryption algorithm. The rare exception in recent years has been the original 802.11 wireless LAN standard and 802.11 products that relied on a completely shoddy implementation of RC4 called WEP and a less shoddy implementation of RC4 called TKIP, which is currently clinging on for dear life. Note that the IEEE finally rectified the situation last year with the 802.11i standard, which demands AES encryption.

The problem with most products or applications that aresuppose to be"secure" is the authentication protocols they use. What little attention given to authentication is wasted on bickering over password strength and password policies. It really doesn't matter how complex your password is or how often you change your password when somany organizations use clear text authentication protocols in common applications like Telnet, SMTP/POP mail, FTP and HTTP. The biggest problem with passwords is the fact that people actually rely on them in the first place. I still get a good laugh when IT people blame users for their authentication woes when they permit weak or clear text authentication protocols over the LAN or even Internet in the first place. One of the most dominant wireless authentication protocols, called LEAP and used by market leader Cisco, is laughably weak; even its subsequent standard EAP-FAST has problems in its default state. If you start talking about good authentication protocols like PEAP or, better yet, EAP-TLS, and people start worrying that they might actually have to implement a PKI.

Maybe it's just human nature to be infatuated with the single pill solution to all of our medical and aesthetic problems. That same ill-conceived logic makes us infatuated with the single box that -- no matter how insanely priced and how ineffective -- can solve all of our security problems. Theharsh reality is this: magic pills and magic boxes don't exist. There is no substitute for good cryptographic fundamentals.