Dan Griffin's Blog
Comments on security, PKI, smart cards, cryptography, and entrepreneurship.
ToorCon 9 - Crypto Boot Camp talk
October 20, 2007
He hammered home one point which I agree with in principle: don’t implement your own crypto. However, from a practical standpoint, that’s misleading. The message should be: don’t implement your own protocols.
What do I mean by that? Suppose I’m designing a new authentication scheme and I naively choose DES as my encryption algorithm. As a result, an attacker could conceivably sniff my traffic and brute-force the key. But suppose further that, in designing my authentication protocol, I forgot to guard against replay attacks (which have nothing to do with my choice of crypto algorithm). Now, instead of brute-forcing the key, the attacker can simply resend the packets to achieve a successful authentication. The latter attack is way easier.
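To make the replay point concrete, here is an added example (not code from the original post) in which both verifiers use HMAC-SHA256, a strong primitive, yet only the one that binds each proof to a fresh, single-use server nonce rejects a recorded login. The class names, the `alice` account and the key are hypothetical and constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed shared secret for this demo

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class StaticVerifier:
    """Flawed: the proof depends only on key and user, so every login is identical."""
    def __init__(self, key: bytes):
        self.key = key

    def verify(self, user: bytes, proof: bytes) -> bool:
        return hmac.compare_digest(proof, mac(self.key, user))

class ChallengeVerifier:
    """Replay-resistant: the proof must cover a fresh, single-use server nonce."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fixed length, so nonce + user is unambiguous
        self.pending.add(nonce)
        return nonce

    def verify(self, user: bytes, nonce: bytes, proof: bytes) -> bool:
        if nonce not in self.pending:
            return False  # unknown or already-used nonce: a replay
        self.pending.discard(nonce)  # consume it even if the proof is wrong
        return hmac.compare_digest(proof, mac(self.key, nonce + user))

def demo() -> dict:
    """Present the same recorded login twice to each verifier."""
    static, cr = StaticVerifier(KEY), ChallengeVerifier(KEY)
    old = (b"alice", mac(KEY, b"alice"))  # constructed capture
    nonce = cr.challenge()
    old_cr = (b"alice", nonce, mac(KEY, nonce + b"alice"))  # constructed capture
    return {
        "static_first": static.verify(*old),
        "static_replay": static.verify(*old),  # same bytes accepted again
        "cr_first": cr.verify(*old_cr),
        "cr_replay": cr.verify(*old_cr),  # nonce already consumed
    }

if __name__ == "__main__":
    print(demo())
```

Swapping the MAC for a weaker or stronger algorithm changes none of these results; only the protocol-level freshness check does.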