SECURITY PITFALLS IN CRYPTOGRAPHY

But reality isn’t that simple. Longer keys don’t always mean more security. Compare the cryptographic algorithm to the lock on your front door. Most door locks have four metal pins, each of which can be in one of ten positions. A key sets the pins in a particular configuration. If the key aligns them all correctly, then the lock opens. So there are only 10,000 possible keys, and a burglar willing to try all 10,000 is guaranteed to break into your house. But an improved lock with ten pins, making 10 billion possible keys, probably won’t make your house more secure. Burglars don’t try every possible key (a bruteforce attack); most aren’t even clever enough to pick the lock (a cryptographic attack against the algorithm). They smash windows, kick in doors, disguise themselves as policemen, or rob keyholders at gunpoint. One ring of art thieves in California defeated home security systems by taking a chainsaw to the house walls. Better locks don’t help against these attacks.

[1]  M. H. Heycock,et al.  Papers , 1971, BMJ : British Medical Journal.

[2]  Bruce Schneier One-way hash functions , 1991 .

[3]  J. Feigenbaum Advances in cryptology--CRYPTO '91 : proceedings , 1992 .

[4]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[5]  Bruce Schneier,et al.  Designing Encryption Algorithms for Real People , 1994, Proceedings New Security Paradigms Workshop.

[6]  Bruce Schneier,et al.  The MacGuffin Block Cipher Algorithm , 1994, FSE.

[7]  Bruce Schneier,et al.  E-mail security , 1995 .

[8]  Bruce Schneier,et al.  Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[9]  Bruce Schneier,et al.  Unbalanced Feistel Networks and Block Cipher Design , 1996, FSE.

[10]  Bruce Schneier,et al.  Analysis of the SSL 3.0 protocol , 1996 .

[11]  Bruce Schneier,et al.  Distributed Proctoring , 1996, ESORICS.

[12]  Bruce Schneier,et al.  Authenticating Outputs of Computer Software Using a Cryptographic Coprocessor , 1996, CARDIS.

[13]  Bruce Schneier,et al.  Automatic Event-Stream Notarization Using Digital Signatures , 1996, Security Protocols Workshop.

[14]  Bruce Schneier,et al.  Securing the World Wide Web: Smart Tokens and Their Implementation , 1996, World Wide Web J..

[15]  Bruce Schneier,et al.  An authenticated camera , 1996, Proceedings 12th Annual Computer Security Applications Conference.

[16]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[17]  Bruce Schneier,et al.  Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA , 1997, ICICS.

[18]  Bruce Schneier,et al.  Cryptanalysis of the Cellular Encryption Algorithm , 1997, CRYPTO.

[19]  Bruce Schneier,et al.  Remote electronic gambling , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[20]  B. Schneier,et al.  Fast Software Encryption: Designing Encryption Algorithms for Optimal Software Speed on the Intel Pentium Processor , 1997, FSE.

[21]  Bruce Schneier,et al.  Secure Applications of Low-Entropy Keys , 1997, ISW.

[22]  Bruce Schneier,et al.  Remote auditing of software outputs using a trusted coprocessor , 1997, Future Gener. Comput. Syst..

[23]  Peter G. Neumann,et al.  The risks of key recovery, key escrow, and trusted third-party encryption , 1997, World Wide Web J..

[24]  Bruce Schneier,et al.  An improved e-mail security protocol , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[25]  Bruce Schneier,et al.  Cryptanalysis of the cellular message encryption algorithm , 1997 .

[26]  Bruce Schneier,et al.  Protocol Interactions and the Chosen Protocol Attack , 1997, Security Protocols Workshop.

[27]  Bruce Schneier,et al.  Conditional purchase orders , 1997, CCS '97.

[28]  Bruce Schneier,et al.  Cryptanalysis of TWOPRIME , 1998, FSE.

[29]  Bruce Schneier,et al.  Cryptanalytic Attacks on Pseudorandom Number Generators , 1998, FSE.

[30]  Bruce Schneier,et al.  Cryptographic Support for Secure Logs on Untrusted Machines , 1998, USENIX Security Symposium.

[31]  Bruce Schneier,et al.  Cryptography, security, and the future , 1999 .

[32]  Bruce Schneier,et al.  A Peer-to-Peer Software Metering System , 1999 .