Cryptography interview with the NSA


I had the pleasure of interviewing a former chief scientist at the NSA, Brian Snow, after the recent 30th anniversary of PKC (Public Key Cryptography). I posted this article, which offers insight into the past, present, and future of cryptography, and it's worth a quick read for anyone interested in security.

It goes into topics like:

  • Quantum cryptography
  • Quantum computing
  • Is there really a Government backdoor in AES encryption?

Take a look and let me know what you think in the talkback. If you have any questions, I'll even try to get them answered by Mr. Snow and the inventors of PKC.


Talkback

7 comments
  • What's funny is...

    I'm currently reading Dan Brown's "Digital Fortress" all about the NSA and TRANSLTR (their 2 million core public key crunching monster) and crypto labs..

    It's a good read :)
    jakex39
    • Thanks

      I still think no one brute forces the crypto. It's all the software and humans surrounding it that's attacked because it's so much easier to go after.

      Look at Mr. Snow's comment on Quantum Crypto.
      georgeou
  • Good Read

    Nice to know where the flaws are in the system. And Snow is right. People are an easy target. Always foolish with their passwords and such. Unless policies exist to enforce tougher password encryption, a simple dictionary attack could probably brute force most systems.
    nucrash
    • I don't know about you ...

      But I don't think I can remember the 1024 bit private/public keys, so the keys will always have to be stored somewhere, either written down or on a system somewhere (And if on a system, also backups)
      mrlinux
    • What we need is an end to password usage

      Policies won't fix the problem since you'll force people to write down their passwords. What we need is an end to password usage.
      georgeou
  • good article

    This was a pretty interesting read even though I'm fairly new to cryptography. I'd be interested to know what Brian Snow thinks about online Rainbow Table generation. I've personally contributed to rainbowcrack.com to crack the password of a contest site (cracking the hash was part of the contest). There are other sites selling the tables for as much as $10K USD. As a developer I've begun to steer away from implementing any of these algorithms because of these tables and the huge security risks they pose. Is AES susceptible to the same kind of attack?
    donkey_butter
    • Those are unrelated

      Rainbow tables are designed to speed up cracking of passwords whose hash you can sniff in clear text. It doesn't have anything to do with AES encryption.

      To prevent this, strong authentication protocols used in SSL, PEAP, L2TP should be used. Technologies like PPTP and LEAP should be shunned because they transmit password hashes in the clear which lend themselves to these rainbow table attacks. For more info, check this blog out.
      http://blogs.zdnet.com/Ou/index.php?p=21
      georgeou