Strong Cryptography Can't Protect a Weak System
By Peter Coffee
August 10, 1998
Despite oven-hot July heat, a recent trip to Las Vegas to hear Bruce Schneier speak to IT security pros and customers at the second annual Black Hat Briefings (www.blackhat.com) was well worthwhile.
In remarks titled "A Hacker Looks at Cryptography," Schneier punctured the hype that often surrounds his own area of expertise. You might not expect to hear Schneier, author of the widely praised book "Applied Cryptography," reminding an audience of a comment that's often quoted, but that neither of the suspected sources will admit to having made: "If you think cryptography can solve your problem, then you don't understand your problem and you don't understand cryptography."
In his talk, Schneier added a bit, so to speak, to the popular top-10 format, building his talk around the top 20 causes of cryptographic failure. "Most cryptographic products are not secure," he asserted, emphasizing that cryptography itself is stronger than it generally needs to be, while the rest of a crypto-based system often falls short.
When it comes to building a secure system, Schneier said in a conversation later that day, cryptography is like a spike in the ground in front of the gate to your fortress. You can make that spike thicker and taller, but you're still relying on an attacker to run into that spike instead of going over the wall to either side. "I'll take a palisade that's just 20 feet tall," he said, "but that spans the entire side of the fortress, rather than a spike that's one mile tall but only protects the front door."
A strong cryptographic algorithm can be terribly weakened, Schneier warned, by any reliance on user-remembered secrets, such as passwords. "Users cannot remember good secrets," he asserted.
A password, for example, represents about four bits' worth of unpredictability (or "entropy," as crypto folks call it for short) for each character. A system that generates a 128-bit key, based on a 10-character password, is only as secure as it would be with a 40-bit key -- and even a 56-bit key is now considered readily crackable.
Pass phrases give even less protection per character because English words are so nonrandom in their grouping of letters. A pass phrase has about 1.3 bits of entropy per character, making a 30-character pass phrase only about as secure as a 10-character password.
It's In The Script
Schneier warned that many corporate IT organizations have a false sense of security because they carry over ways of thinking about security from the real world into the digital world. A certain mode of attack may be thought "too difficult" for typical crackers, but in the digital world an exotic attack is only difficult for the first person who uses it. Every subsequent attacker just uses the first cracker's script, just as a 15-year-old street criminal needs no knowledge of ballistics or materials engineering to point and shoot a pistol (in Schneier's excellent comparison).
"People talk about 'teenage genius' hackers," Schneier lamented. Most of the time, he asserted, a high-profile cracker uses another person's attack script to exploit security holes that have long been known, but that an administrator has not bothered to close.
"A secure computer is one that has been insured," said Schneier. Security should be designed for the day that it fails. No system is invulnerable, he warned, but good systems capture the data that is needed to convict those who crack them.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..