Cryptographic Design Vulnerabilities

Authors:
Bruce Schneier
Affiliations:
-
Venue:
Computer
Year:
1998

Citing 6
Cited 7

Why cryptosystems fail

Communications of the ACM
The risks of key recovery, key escrow, and trusted third-party encryption

World Wide Web Journal - Special issue: Web security: a matter of trust
Side Channel Cryptanalysis of Product Ciphers

ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Protocol Interactions and the Chosen Protocol Attack

Proceedings of the 5th International Workshop on Security Protocols
Tamper resistance: a cautionary note

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Software generation of practically strong random numbers

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7

Some guidelines for non-repudiation protocols

ACM SIGCOMM Computer Communication Review
Graphics and Security: Exploring Visual Biometrics

IEEE Computer Graphics and Applications
Security in Programmable Netword Infrastructures: The Integration of Network and Application Solutions

IWAN '00 Proceedings of the Second International Working Conference on Active Networks
Cryptography, computers in

Encyclopedia of Computer Science
Authenticating secure tokens using slow memory access

WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Breaking up is hard to do: modeling security threats for smart cards

WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Exploiting cryptographic architectures over hardware vs. software implementations: advantages and trade-offs

AEE'06 Proceedings of the 5th WSEAS international conference on Applications of electrical engineering

Quantified Score

Hi-index	4.10

Visualization

Abstract

Popular magazines often describe cryptography products in terms of algorithms and key lengths. These security techniques make good headlines ("Triple DES is much stronger than single DES."). Unfortunately, cryptography isn't so simple: Longer keys do not guarantee more security. Compare a cryptographic algorithm to the lock on your front door. Improving the lock probably won't make your house more secure. Burglars don't try every possible key (the equivalent of a brute-force attack); most aren't clever enough to pick the lock (the equivalent of a cryptographic attack). No, burglars smash windows, kick in doors, disguise themselves as police, and rob key-holders at gunpoint. Strong cryptography is very powerful when it is done right, but it is not a panacea. Building a secure cryptographic system is easy to do badly and very difficult to do well. Unfortunately, most people can't tell the difference. In this article, the author conveys some of the lessons learned in designing, analyzing, and breaking cryptographic systems.