Latest Essays
Page 75
Des chausses-trappes de sécurité en cryptologie
Des articles de périodiques aiment à décrire les produits de cryptologie en termes d’algorithmes et de longueur de clés. Les algorithmes font de bons titres: ils peuvent être expliqués en quelques mots et ils sont faciles à comparer les uns aux autres. “Le triple-DES gage de bonne sécurité”. “Des clés de 40 bits sont une sécurité faible.” ” Le RSA à 2048 bits est meilleur que le RSA à 1024 bits.”
Mais la réalité n’est pas aussi simple. Les clés plus longues ne signifient pas toujours plus de sécurité. Comparez l’algorithme cryptographique au verrou de votre porte d’entrée. La plupart des verrous ont quatre goupilles en métal, qui peuvent prendre chacune dix positions. Une clé place les goupilles dans une configuration particulière. Si la clé les aligne correctement, le verrou s’ouvre. De sorte qu’il n’y a que 10 000 clés possibles, et qu’un cambrioleur prêt à essayer les 10 000 possibilités est sûr d’entrer dans votre maison. Mais un verrou de qualité supérieure à 10 goupilles, qui autorise 10 miliards de clés distinctes, n’améliorera probablement pas la sécurité de votre maison. Des cambrioleurs n’essayent pas toutes les clés (une attaque systématique -“brute-force”); la plupart ne sont pas assez intelligents pour crocheter la serrure (une attaque cryptographique contre l’algorithme). Ils fracassent les fenêtres, donnent des coups de pieds dans les portes, se déguisent en policiers, ou bien dévalisent les détenteurs des clés avec une arme. Un groupe de voleurs en Californie mettait en défaut les systèmes de sécurité en attaquant les murs à la tronçonneuse. Contre ces attaques, de meilleures serrures ne sont d’aucun secours…
Click Here to Bring Down the Internet
The Internet is fragile, rickety. It is at the mercy of every hacker and cracker. In recent Congressional testimony, hackers from the L0pht boasted that they could bring down the Internet in under 30 minutes. Should we be concerned?
In almost every area, those with the expertise to build our social infrastructure also have the expertise to destroy it. Mark Loizeaux is President of Controlled Demolitions, Inc.; he blows up buildings for a living. He’s quoted in the July 1997 Harper’s Magazine: “We could drop every bridge in the United States in a couple of days…. I could drive a truck on the Verrazano Narrows Bridge and have a dirt bike on the back, drop that bridge, and I would get away. They would never stop me.” Ask any doctor how to poison someone untraceably, and he can tell you. Ask someone who works in aircraft maintenance how to knock a 747 out of the sky, and he’ll know. The Internet is no different…
The Challenge of Cryptography
Never underestimate the time and effort attackers will expend to thwart your security systems.These days, security is on the minds of anyone involved in building or using information systems. After all, every form of commerce has had its share of fraud, from farmers rigging their weight scales to counterfeiters passing off phony currency. Electronic commerce is no exception, with fraud taking the form of forgery, misrepresentation, and denial of service. And it doesn’t stop with electronic transactions. There are privacy breaches, with competitors intercepting communications, and electronic vandalism, with attackers destroying Web pages and mail-bombing ISPs. It seems threats are coming from everywhere…
Why Cryptography Is Harder Than It Looks
From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today’s information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can prove your identity or protect your anonymity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital…
Cryptography, Security and the Future
From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today’s information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can protect your anonymity or prove your identity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital…
Cryptographie, sécurité et l'avenir
Translated by Fernandes Gilbert
Des communications par courrier électronique aux cellulaires, des accès protégés sur Internet à l’argent numérique, la cryptographie est une composante essentielle des systèmes d’information actuels. La cryptographie permet d’obtenir comptabilité, justice, précision et confidentialité. Elle empêche la fraude au sein du commerce électronique et assure la validité des transactions financières. Elle peut protéger votre anonymat ou bien prouver votre identité. Elle peut empêcher des vandales d’altérer votre page Internet et empêcher vos adversaires commerciaux de lire vos documents confidentiels. Et dans l’avenir, à mesure que le commerce et les communications se déplacent vers des machines en réseau, la cryptographie va devenir de plus en plus essentielle…
Protect Your E-Mail
Safeguard your messages today, and prepare for electronic commerce tomorrow
You may have just started using the Internet for your business, but scientists, academics, and computer programmers have been using it for years. It was designed specifically as a public network for sharing information. Because the availability of information was the priority, provisions for data security were not considered essential. But now that you’re sending proprietary business information over the Internet that openness can become a drawback. You need to take steps to protect your communications…
Electronic Speech – For Domestic Use Only
The U.S. State Department recently ruled that some forms of electronic speech are not protected by the First Amendment and can be prohibited from export. This decision raises questions about freedom of speech on the information superhighway. As business communications continue to migrate from paper mail to electronic mail, these questions will become more important. It is vital that laws address this new form of speech.
Last year, I wrote a book called Applied Cryptography> (John Wiley & Sons, 1994), which explains cryptography in nonmathematical language. It describes how to build cryptography into products, illustrates cryptographic techniques, and evaluates algorithms and makes recommendations on their quality. It even includes source-code listings that enable readers to implement many of the algorithms and techniques described…
High-Tech Government Snooping: Anti-Crime or Orwell Revisited?
Good news! The federal government respects and is working to protect your privacy… just as long as you don’t want privacy from the government itself.
In April 1994, the Clinton administration, cleaning up old business from the Bush administration, introduced a new cryptography initiative that ensures the government’s ability to conduct electronic surveillance. The first fruit of this initiative is CLIPPER, designed to secure telephone communications.
CLIPPER is a tamper-resistant chip designed by the National Security Agency, a super-secret branch of the Department of Defense…
Virus Killers: Macworld Lab Tests Virus Software and Survives
Macintosh users ignore computer viruses at their peril. Viruses can cause irreparable damage to the system or destroy megabytes of data. Fortunately, unlike their biological namesakes, computer viruses are relatively easy and painless to control. With a leading virus-protection software program, it takes only a few minutes a day to remain virus-free.
Macworld Lab tested four antiviral products—the freeware application Disinfectant, Central Point Software’s MacTools ($149.95), Symantec’s Symantec AntiVirus for Macintosh (SAM, $99), and Virex ($99.95) from Datawatch—against every Macintosh virus known at the time of testing, 52 in all. We also looked at each product’s features and measured how fast the programs detected viruses…
Sidebar photo of Bruce Schneier by Joe MacInnis.