Chapter 5 - Using cryptographic software properly


By Kurt Seifried, [email protected], Copyright Kurt Seifried

Of course like any security measures cryptographic software is only effective if used properly, on a secure system. If you have been infected with Back orifice, and someone has copied all your public and private keys, as well as logged your keystrokes and found the passphrases to access these keys, no matter how strong the encryption is it'll be useless. On a UNIX system things are difficult if you are a user since the super user (root) has full access and can easily access your keys/log keystrokes (this goes for an attacker that gains super user access to). Securing UNIX is a very large topic, there is a wealth of information available however, but it revolves around the same principles of any operating system.

Most modern encryption systems use pretty solid cryptography, most of the failings are in management of encryption keys, sessions, or other related tasks. Many users will store their encryption keys in accessible areas, with poor passphrases. When protected by a good passphrase ("L3t's g0 t0 7he b3ach and have some sandy good hotdogs with pumpkins and 9868lovermonkey") they are very hard to recover, however if protected by a poor passphrase ("sekret") they are easily recovered. Of course very few people will use long passphrases since they are difficult to remember and type in. One of the most effective methods for protecting encryption keys/etc is to use an offline system (i.e. no network/modem/etc) and transfer data to it via floppy/zip/jaz/tape drive, then encrypt/decrypt/etc as necessary and move the finished form to a networked machine to send it. This is how root level keys are generally protected (requiring physical access to the machine makes security significantly simpler).

Another consideration is Open verses Closed source crypto. OpenSource crypto programs can (and are) reviewed by knowledgeable people that are paranoid and want to make sure they work as advertised. Closed source programs have a higher probability of containing back doors or other problems (intentional or otherwise), although rare it has occurred.


[ Back | TOC | Forwards]