When the topic of encryption comes up, you won’t often hear the words “unbreakable” and “practical” used together, unless the conversation has moved into “Holy Grail” territory.
Cryptography, the fundamental science behind encrypting digital data, is surely not perfect. Our body of knowledge on the subject is based on assumptions, which may or may not be correct. Nobody knows for sure.
We do know, however, that our assumptions are often incorrect — think of the last time an 18-year-old cracked an “unbreakable” form of encryption.
“We can’t prove any of this stuff is right,” says Charles Rackoff, a cryptography professor at the University of Toronto. On encryption, he says, “there are basically two kinds … there’s the public key stuff and the shared private key stuff. But tomorrow, someone may come along and break all of it. That’s the real problem.”
Proving that any encryption is secure “would mean solving deep open questions in computer science,” he says.
But are we on the right track, at least?
Well, there is such a thing as an unbreakable form of encryption, known as the “one-time pad” — a pad of pages of numbers used by spies decades ago — but it’s so highly impractical as to be irrelevant for use in IT.
So what’s a highly security-conscious enterprise to do?
First of all, says Rackoff, don’t take all this talk about lack of proof to heart. We’re making quite a bit of headway in our current encryption, imperfect as it is.
“If you accept current assumptions,” he says, “then we’re actually pretty good at what we can do. We understand the basic definitions of security, we can do most of the stuff we want to do efficiently.”
That said, companies should set themselves a few ground rules when developing their security strategy, experts say.
Keep it simple, stupid
Some people don’t like fancy, and Rackoff is one of them. He prefers a decidedly low-tech method of generating the random keys needed for secure encryption.
“I think PGP uses some very fancy stuff where they try to get low-order bits from your typing on the keyboard or something like that. I consulted once for a company. I told them to use a bingo set.
“I don’t like fancy things. Because the fancier something is, the less you know about it. And it could have deep flaws and consistent flaws that you’re just not aware of. So, I’d just say get a bingo set, remove all but 64 of the balls, which are numbered 1-64, think of them as 0-63, turn it, pick out one: that’s six bits. Replace it, do that again for as many bits as you need for your key.”
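Rackoff’s bingo-set procedure, worked through as an added example (this is not code from the article or from anyone quoted in it): each draw from 64 balls, read as 0–63, yields exactly six bits, and a 128-bit key therefore needs 22 draws. The `secrets` call stands in for physically turning the cage, and the power-of-two check is the reason he says to remove all but 64 balls: with a full 75-ball set, for instance, the draws cannot be written as fixed-width bits without some patterns being more likely than others.

```python
import secrets


def bits_per_draw(ball_count):
    """Number of unbiased bits one draw gives when ball_count is a power of two.

    Rackoff keeps exactly 64 balls: every value 0..63 is a distinct 6-bit
    pattern, so each draw is 6 uniform bits.  With a non-power-of-two count
    (a full 75-ball set, say) some bit patterns would be more likely than
    others, so we refuse rather than silently bias the key.
    """
    if ball_count <= 1 or ball_count & (ball_count - 1):
        raise ValueError(f"{ball_count} balls is not a power of two; bits would be biased")
    return ball_count.bit_length() - 1


def draws_needed(key_bits, ball_count=64):
    """How many draws (with replacement) are needed to collect at least key_bits bits."""
    n = bits_per_draw(ball_count)
    return -(-key_bits // n)  # ceiling division


def draws_to_key(draws, ball_count=64):
    """Turn a list of drawn ball numbers (1..ball_count) into key bytes.

    Each ball number minus one ("think of them as 0-63") is written as a
    fixed-width binary string; the strings are concatenated and any trailing
    bits that do not fill a whole byte are dropped.
    """
    n = bits_per_draw(ball_count)
    bits = []
    for ball in draws:
        if not 1 <= ball <= ball_count:
            raise ValueError(f"ball {ball} is outside 1..{ball_count}")
        bits.append(format(ball - 1, f"0{n}b"))
    bitstring = "".join(bits)
    usable = len(bitstring) - len(bitstring) % 8
    if usable == 0:
        return b""
    return int(bitstring[:usable], 2).to_bytes(usable // 8, "big")


def simulate_draws(count, ball_count=64):
    """Stand-in for turning the cage: the OS CSPRNG picks each ball, with replacement."""
    return [secrets.randbelow(ball_count) + 1 for _ in range(count)]


if __name__ == "__main__":
    draws = simulate_draws(draws_needed(128))
    key = draws_to_key(draws)
    print(f"{len(draws)} draws -> {len(key)}-byte key: {key.hex()}")
```

Twenty-two draws give 132 bits, of which 128 are kept; the four leftover bits are discarded rather than padded, so every output bit comes from a draw.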
Of course, sometimes the low-tech method has its limits. Especially when you need to generate a nearly endless stream of random numbers.
“The low-tech method…is certainly better,” says Menezes, “except it doesn’t scale to large-scale applications, right? By the time you visit a Web site to buy something, the communication between your Web browser and the Web server is secured by a protocol called SSL, and you notice this because your browser has a little padlock that’s locked.
“And every time you do this, your browser needs to pick a random key to secure that session. And you can’t expect the user to reach into a bin of bingo numbers and pick them out and type the key into the computer every time the user visits a website. That just wouldn’t work.”
But wherever possible, he adds, simpler is always better.
Don’t put all your keys in one basket
“The simpler the method,” says Menezes, “the more easily you can analyze it and be confident that it does work. But ideally, you use several simple methods all at once and combine the numbers you obtain from the different sources into one.”
Garry McCracken, vice-president of technology partnerships at WinMagic Inc., a leading IT security firm based in Canada that offers a range of encryption products and services, says higher-tech methods of generating keys can prove very reliable when their power is combined.
“I would not ever want to rely on just one source of entropy, which is the input to keys, like the mouse,” he says. “What we would do is get as many sources as possible, and that includes the keyboard and the mouse and things like that, as well as the built-in random number generators that Microsoft might have.”
And soon enough, there will be even more bricks you can build into your data protection fortress, McCracken says: “Intel — we’re working with Intel — they have this new Bull Mountain capability that they’re building… into their new CPUs that actually generates random numbers. Real random numbers, right out of the CPU.”
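Menezes’ advice to combine the numbers from several simple sources into one, and McCracken’s practice of pooling mouse, keyboard and the operating system’s generator, can be put together as an added example (this is not code from the article, from WinMagic or from anyone quoted). The combining step here is one standard choice, hashing the length-framed sources with SHA-256, which the article does not specify; the mouse and keyboard timings are constructed sample values, not measurements. Hashing every source together means the result stays unpredictable as long as any one input was, so a weak source dilutes nothing, and the length framing keeps two adjacent fields from being re-split into a colliding input.

```python
import hashlib
import os
import struct


def frame(field):
    """Length-prefix a byte string so neighbouring fields cannot be re-split ambiguously."""
    return struct.pack(">I", len(field)) + field


def mix_entropy(sources, label=b"example-session-key-v1"):
    """Combine several entropy sources into one 32-byte key.

    sources is a list of (name, data) byte-string pairs.  Each pair is
    length-framed and absorbed by SHA-256 together with a fixed label and the
    source count.  The digest depends on every input bit, so the output is
    unpredictable if at least one source was, and a predictable or even
    attacker-known source cannot cancel out the others.
    """
    h = hashlib.sha256()
    h.update(frame(label))
    h.update(struct.pack(">I", len(sources)))
    for name, data in sources:
        h.update(frame(name))
        h.update(frame(data))
    return h.digest()


def pack_timings(intervals_us):
    """Encode inter-event timings (microseconds) as fixed-width big-endian bytes."""
    return b"".join(struct.pack(">I", t) for t in intervals_us)


def collect_sources():
    """Gather the kinds of sources McCracken names.

    The human-input timings are constructed samples (assumption: real code
    would read them from the input subsystem); os.urandom is the operating
    system's own generator, the third kind of source he mentions.
    """
    mouse_intervals = [1342, 987, 2210, 1505, 876]          # constructed, not measured
    keyboard_intervals = [120443, 98012, 150877, 110354]    # constructed, not measured
    return [
        (b"mouse", pack_timings(mouse_intervals)),
        (b"keyboard", pack_timings(keyboard_intervals)),
        (b"os-csprng", os.urandom(32)),
    ]


if __name__ == "__main__":
    key = mix_entropy(collect_sources())
    print(f"{len(key)}-byte session key: {key.hex()}")
```

Because the OS generator is one of the inputs, the combined key is at least as unpredictable as that generator on its own; the human-input sources add to it rather than replacing it.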
Don’t develop your own encryption
Menezes consults for companies like Research in Motion Ltd., mostly working with RIM’s own cryptography experts to share insight and expertise. He says if he were to speak directly to a senior IT manager, one of the first things he would stress would be not to develop enterprise encryption in-house.
“I would certainly say: never design your own crypto. Use best standards, practices and particularly even use implementations for the crypto that have been designed by credible companies. Don’t even try implementing it yourself.”
Rackoff agrees, though he qualifies it by saying there’s plenty of encryption — proprietary or not — that he doesn’t like.
“Certainly, I would never trust any encryption that was proprietary,” says Rackoff. “It’s almost all pretty bad. I mean a lot of the stuff that’s not proprietary is pretty bad, when people are actually looking at it.”
Menezes says any encryption system should be looked at intently by lots of very smart people, for a very long time, before putting your trust in it.
“You need to have experts staring at, trying to break your system, for many years. That’s the only way we know to really get confidence that something is secure. If you could prove these things secure without any doubt, proprietary would be fine, but we don’t know how to do that.
“So, confidence comes after years of study by experts.”