The gap between cryptography and information security: has it narrowed?