March 26, 2019

Public Key Crypto For the Enterprise - page 3

Hiding In Plain Sight

  • December 8, 2008
  • By Paul Rubens

Are there any limitations to the PKE approach? The answer to this question is yes.

Firstly, any encrypted message is only as strong as the cipher that is used to encrypt it. If a weakness is discovered in the cipher such that you no longer need a key to decrypt the message or it becomes possible to work out the key (directly or indirectly) from the contents of the ciphertext then clearly the system is not secure.

Another caveat is that any key-based encryption system is susceptible to a bruteforce attack--methodically trying every possible key until the correct one is found. Modern encryption techniques rely on the fact that if there is a sufficiently large keyspace (meaning there are a sufficiently large number of possible keys,) it is likely to take hundreds of millions of years to find a key by brute force using the computers that are currently available. But as computers become more powerful, the length of the keys typically used may need to be increased to ensure that the chances of successfully brute forcing a key remain tiny.

It's important to remember that any encrypted message is never completely safe from a bruteforce attack: someone might guess the correct key with their very first guess. It's just that with a strong cipher and a long key the probability of that happening--or that they hit upon the correct key within a thousand years--is vanishingly small.

The final problem that's worth mentioning is the problem of key management: how do you get hold of someone's public keys, and how can you be sure that it is the public key belonging to the person you think it belongs to? If you send a message to Bob using the public key which you think belongs to Bob but actually belongs to Carol, then Bob won't be able to read it. More worryingly, if Carol manages to get her hands on the message she will be able to read it, even though you intended it for Bob's eyes only.

But despite these potential problems, it's fair to say that PKE has revolutionized the way that secure communications are carried out. In the next piece in this series, we'll be looking at key management and how PKE is used in the real world to provide commercial and open-source secure e-mail systems.

Article courtesy of Enterprise Networking Planet

Most Popular LinuxPlanet Stories