tags:

views:

102

answers:

4
+1  Q: 

Insecure Crytographic System

Hi :)

I am a newbie in cryptographic system but i have seen many sources tell that

even the good algorithm and good key is not enough,

i have a little confuse why is that?

+1  A: 

http://en.wikipedia.org/wiki/Cryptographic_engineering

There are two basic kinds of encryption algorithms in use today:

Private key cryptography, which uses the same key to encrypt and decrypt the message. This type is also known as symmetric key cryptography.

Public key cryptography, which uses a public key to encrypt the message and a private key to decrypt it. The name public key comes from the fact that you can make the encryption key public without compromising the secrecy of the message or the decryption key. Public key systems are also known as asymmetric key cryptography.

http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099 . This book is nice one regarding this

Algorithms

http://hell.org.ua/Docs/oreilly/tcpip/puis/ch06_04.htm

U can read this patent is talking about US Patent 6769062 - Method and system of using an insecure crypto-accelerator

http://www.patentstorm.us/patents/6769062/claims.html

Read this http://www.schneier.com/essay-028.html

joe  2009-07-12 11:17:55
+2  A: 

Possibly not enough because in the game of cryptography there is also the trust part.
Anyway, check out this article: Security Pitfalls in Cryptography

Nick D  2009-07-12 11:27:33
A: 

Your question is vague, but I'll add an aspect that is important: The users handling of the key and understanding of the system. Cryptography does in a way move the target from the communication to the sender or recipient.

Also, the algorithms quality is only halfway there - the implementation of the algorithm can introduce unforseen security issues.

Anders Lindahl  2009-07-12 11:38:07
A: 

The security of a system depends on many factors, only one of which is the cryptosystem of choice.

Modern symmetric (e.g. AES) and asymmetric (e.g. RSA) cryptosystems are very secure (read: practically impossible to break) in themselves, but the way you use the cryptosystem, and user behavior changes everything.

I've always argued that even the most basic cryptographic tasks should be done, or at least supervised, by cryptography experts, and Jeff has recently proved me right.

If you have had no formal education on cryptography, please seek professional advice from an expert.

Can Berk Güder  2009-07-12 11:45:40

related questions

Is there a standard implementation for Electronic Signatures on fill-in-form web applications?
Best way to handle block ciphers in C++? (Crypto++)
What is the best replacement for Windows' rand_s in Linux/POSIX?
Combination of more than one crypto algorithm
Encryption output always different even with same key
What techniques do you use when writing your own cryptography methods?
Optimize y = x*x in Galois field arithmetic
Best way to prevent duplicate use of credit cards
Enumerating Certificate Fields in C#
I'm using Wincrypt for Diffie-Hellman-- can I export the shared secret in plain text?
Cryptography algorithm
I have P & G-- how do I use the Wincrypt API to generate a Diffie-Hellman keypair?
Good primers on Cryptography
Should I use an initialization vector (IV) along with my encryption?
How do I hash a string with Delphi?
Inter-convertability of asymmetric key containers (eg: X.509, PGP, OpenSSH)
How to implement password protection for individual files?
Is Bouncy Castle API Thread Safe ?
128 bit data encryption using Java
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
App.config connection string Protection error
Is there a best .NET algorithm for credit card encryption?
How to encrypt one message for multiple recipients?
How can I generate a unique, small, random, and user-friendly key?
Why is an s-box input longer than its output?