Table of Contents
If cryptography is so great,�why isn’t it being used more?
Protecting information
It’s a strange, harsh world�these days...
So what’s the problem?
The easy problems�(not the subject of this talk)
The underlying hard problems
Everything you need to know about crypto in 10 easy minutes
Secret-key cryptography
Message Authentication Code (MAC) Functions
Public key cryptosystems
Digital signature schemes
Secure hash functions
Top 10 cryptography problems�(in real life)
Problem 1: You never needed crypto before. But you do now.
Problem 2: No one realizes this
Example: file protection
Problem 3: You can’t put the cryptography where you need it
Architecture choices
Example issues
Problem 4: Secret keys often aren’t so secret
Problem 4a: How big should secret keys be?
Problem 4b: How do we generate secret keys?
Problem 4c: How do we store�the secret keys?
Problem 5: Public key infrastructure doesn’t exist
Problem 5a: Certification is not the same as trust
Problem 6: Cipher algorithms are amazingly hard to design
Problem 7: Crypto protocols are really, really hard to design
Problem 8: Designing a secure application is even harder
Example application: secure message exchange (email)
Problem 9: Implementing crypto applications is pretty hard, too
Example: Encrypted session (based on deployed code)
Problem 10: Crypto doesn’t make insecure platforms secure
Problem 11: There are a lot more than 10 problems
So where are we?
|