Schneier on Security

Imagine this situation: An engineer builds a bridge. It stands for a day, and then collapses. He builds another. It stands for three days, and then collapses. Then, he builds a third, which stands for two weeks but collapses during the first rainstorm. So he builds a fourth. It’s been standing for a month, and has survived two rainstorms. Do you believe this fourth bridge is strong, secure and safe? Or is it more likely just another accident waiting to happen?

As bizarre as it may seem, this kind of design process happens all the time in cryptography, a field that is full of people who love to design their own algorithms and protocols. With so many aspiring cryptanalysts out there, however, there’s bound to be a lot of weak designs. The problem is this: Anyone, no matter how unskilled, can design an algorithm that he himself cannot break. Though a competent cryptanalyst can break most of this stuff after a short review, the rest of it survives, and in most cases is never looked at again (especially outside the military world). But just because an algorithm survives an initial review is no reason to trust it…

1998 was an exciting year to be a cryptographer, considering all the developments in algorithms, attacks and politics. At first glance, the important events of the year seem completely unrelated: done by different people, at different times and for different reasons. But when we step back and reflect on the year-that-was, some common threads emerge—as do important lessons about the evolution and direction of cryptography.

New Algorithms

In June, the NSA declassified KEA and Skipjack. KEA is a public-key Key Exchange Algorithm, while Skipjack is a block cipher first used in the ill-fated Clipper Chip. The NSA wanted Fortezza in software, and the only way they could get that was to declassify both algorithms…