10/16/08

Security is still a chain

“Security is a chain; it’s as strong as the weakest link. Mathematical cryptography, as bad as it sometimes is, is the strongest link in most security chains. Our symmetric and public-key algorithms are pretty good, even though they’re not based on much rigorous mathematical theory. The real problems are elsewhere: computer security, network security, user interface and so on.” Bruce Schneier reminds us of these facts in a recent Wired column, Quantum Cryptography: As Awesome As It Is Pointless.

We get excited about new technologies and cool new features and devices. And then we ignore security policies and procedures, use and reuse weak passwords, and still don’t encrypt computer drives.

He closes by saying, “… as a product, it has no future. It’s not that quantum cryptography might be insecure; it’s that cryptography is already sufficiently secure.” Maybe quantum crypto will keep foreign powers from reading our critical national information. But for the rest of us, what we have is good enough. If only we would use it.
