The following introduction was originally published in the BCS Information Security Now Magazine, Spring 2010 issue (Volume 4, Issue 3), which was on the topic of Cryptography:
“Cryptography now protects most organisations’ laptops, drives, removable media and communications, yet effective use of such technological solutions requires much more than selecting a vendor and implementing a product. Thought needs to be put in to how key recovery, data loss prevention, monitoring and audit work.
Cryptographic algorithms should be subjected to extensive peer review before being considered as robust and this process alone can take years, and then the new algorithm needs to be implemented – hopefully before the old one is irrevocably broken in some way. The false protection of ‘security through obscurity’ was destroyed recently when a number of GSM mobile encryption algorithms were broken.
Not only do crypto algorithms need to be robust, but they must translate effectively into implementation in a cryptographic module. The need for this was demonstrated recently when some USB memory sticks, validated to FIPS 140-2, and therefore approved to hold low-level classified data, were discovered to have a serious flaw that allowed ready access to the data.
There has been a lot of research into anonymous untraceable electronic cash and the cryptographic underpinnings required for it and things like coin divisibility, blind signatures, offline convertibility and to prevent double spending. Although there may be concerns about allowing such things, surely this is simply trying to replicate how cash works today?
Encryption techniques will continue to move forwards, fighting against the brains of mathematicians and the brawn of computing power; the emergence of elliptical curve cryptography (ECC) and quantum cryptography is already on the horizon, with more esoteric solutions to come.”
A PDF version of the magazine is available online at: