PETER COFFEE: PC AT WORK (PC-Week, 8/10/98)
STRONG CRYPTOGRAPHY CAN'T PROTECT A WEAK SYSTEM
DESPITE OVEN-HOT JULY HEAT, A RECENT TRIP TO Las Vegas to hear
Bruce Schneier speak to IT security pros and customers at the second annual Black Hat
Briefings (www.blackhat.com) was well worthwhile. In remarks titled "A Hacker Looks
at Cryptography," Schneier punctured the hype that often surrounds his own area of
expertise. You might not expect to hear Schneier, author of the widely praised book
"Applied Cryptography," reminding an audience of a comment that's often quoted, but
that neither of the suspected sources will admit to having made: "If you think
cryptography can solve your problem, then you don't understand your problem and you
don't understand cryptography."
In his talk, Schneier added a bit, so to speak, to the popular top-1O format,
building his talk around the top 20 causes of cryptographic failure. "Most cryptographic
products are not secure," he asserted, emphasizing that cryptography itself is stronger
than it generally needs to be, while the rest of a crypto-based system often falls short.
When it comes to building a secure system, Schneier said in a conversation later
that day, cryptography is like a spike in the ground in front of the gate to your fortress.
You can make that spike thicker and taller, but you're still relying on an attacker to run
into that spike instead of going over the wall to either side. "I'll take a palisade that's just
20 feet tall," he said, "but that spans the entire side of the fortress, rather than a spike
that's one mile tall but only protects the front door."
A strong cryptographic algorithm can be terribly weakened, Schneier warned, by
any reliance on user-remembered secrets, such as passwords. "Users cannot remember
good secrets," he asserted. A password, for example, represents about four bits' worth of
unpredictability (or "entropy," as crypto folks call it for short) for each character. A
system that generates a 128-bit key, based on a 1O-character password, is only as secure
as it would be with a 40-bit key—and even a 56-bit key is now considered readily
crackable.
Pass phrases give even less protection per character because English words are so
nonrandom in their grouping of letters. A pass phrase has about 1.3 bits of entropy per
character, making a 30-charac-ter pass phrase only about as secure as a IO-character
password.
IT'S IN THE SCRIPT
Schneier warned that many corporate IT organizations have a false sense of
security because they carry over ways of thinking about security from the real world into
the digital world. A certain mode of attack may be thought "too difficult" for typical
crackers, but in the digital world an exotic attack is only difficult for the first person who
uses it. Every subsequent attacker just uses the first cracker's script, just as a 15-year-old
street criminal needs no knowledge of ballistics or materials engineering to point and
shoot a pistol (in Schneier's excellent comparison).
"People talk about 'teenage genius' hackers," Schneier lamented. Most of the time,
he asserted, a high-profile cracker uses another person's attack script to exploit security
holes that have long been known, but that an administrator has not bothered to close.
"A secure computer is one that has been insured," said Schneier. Security should
be designed for the day that it fails. No system is invulnerable, he warned, but good
systems capture the data that is needed to convict those who crack them.