
Measures of Strength

Microsoft Corporation

September 10, 1996

The strength of the operations depends on a number of things. All public-key cryptographic operations and protocols require that the private keys be kept private. Here's a summary of some of the additional measures:

The Need for Replaceable Security

As the paragraphs above make clear, cryptography is vulnerable to both increases in computing power and discoveries of weaknesses in algorithms. Cryptography must be easily upgraded or replaced to be most valuable.

For example, Moore's law (computing power doubles every 18 months) shows that a cryptographic algorithm that might take 16,000 years to invert using brute-force techniques on a single PC in 1996 might take only 1,000 years to invert on a single PC in 2002. The availability of cycles on networked PCs only exacerbates this situation.

Algorithms that were once thought to be secure may have holes. For example, the MD4 algorithm (a hashing algorithm) was believed to be difficult to subvert; however, it has been shown to be insecure.

Protocols that rely upon key lengths or hashing algorithms might be sound in themselves, yet be vulnerable because of insufficient key lengths or a poor choice of algorithm. Rather than rewriting a protocol or solution from scratch, systems should allow key lengths to be increased or strong algorithms to be substituted when a weakness is found.
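The sketch below is an added example, not code from the original article or from Microsoft. It shows one way to make an integrity tag replaceable: the tag names its own algorithm, and a policy object decides which names are still honoured and what minimum key length applies. The names `Policy`, `make_tag`, `verify_tag`, the `alg:hex` tag format and the use of HMAC are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    current: str          # algorithm used for every newly issued tag
    accepted: frozenset   # algorithms still honoured when verifying
    min_key_bytes: int    # raise this as brute force gets cheaper


# Constructed sample policy. MD4 is not listed, so a tag naming it is refused.
POLICY = Policy(current="sha256",
                accepted=frozenset({"sha256", "sha1"}),
                min_key_bytes=16)


def make_tag(key: bytes, message: bytes, policy: Policy = POLICY) -> str:
    """Issue a self-describing tag of the form 'alg:hexmac'."""
    if len(key) < policy.min_key_bytes:
        raise ValueError("key shorter than policy minimum")
    mac = hmac.new(key, message, policy.current).hexdigest()
    return f"{policy.current}:{mac}"


def verify_tag(key: bytes, message: bytes, tag: str, policy: Policy = POLICY):
    """Return (valid, replacement). replacement is a fresh tag under the
    current algorithm when a valid tag used an older accepted one."""
    alg, sep, mac_hex = tag.partition(":")
    # The algorithm name travels with the data, so it is untrusted input:
    # check it against the allowlist before computing anything with it.
    if not sep or alg not in policy.accepted:
        return False, None
    if len(key) < policy.min_key_bytes:
        return False, None
    expected = hmac.new(key, message, alg).hexdigest()
    # Constant-time comparison on bytes avoids leaking where the tags differ.
    if not hmac.compare_digest(expected.encode(), mac_hex.encode()):
        return False, None
    if alg != policy.current:
        return True, make_tag(key, message, policy)  # migrate on next write
    return True, None
```

Retiring an algorithm is then a one-line policy change (drop it from `accepted`) with no change to the tag format or to callers.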


© 1999 Microsoft Corporation. All rights reserved. Terms of use.