INVITATION TO CYBERSECURITY 184 key cryptography, errors can be made that forfeit the bullet-proof security that people assume they are gaining. Mistakes like these are due to the complexity of computer cryptography and also ignorance of how the process is supposed to work. Care must be taken to learn the proper way of doing things in order to be confident that one’s messages are in fact secure. For example, Figure 7.8 (page 159) shows a short message being encrypted with AES 256. Note the many flags used in the encryption command—failure to understand what they do can result in a less secure encrypted message. Even though AES 256 is a highly secure encryption algorithm, this encrypted message is not safe from prying eyes because it is encrypted with the key SECRET instead of a random 256-bit string that must be used as the key with AES 256 to get the security properties it promises. Therefore, this ciphertext is vulnerable to a simple forward search attack using a dictionary as a wordlist. Fortunately, most of the cryptography users depend on to keep them secure is embedded behind the scenes in software written and vetted by experts, so they do not have to worry about things like command line flags. Many people do not even realize that their Internet traffic is being encrypted and decrypted by their web browsers—but it is! Of course, combining the complexity of computing with the complexity of cryptography ensures that no implemented cryptosystem is provably perfectly secure. Any claim to the contrary is misleading at best. 7.5 Conclusion The history and evolution of cryptography is fascinating. In the past its use was mostly limited to governments and militaries, but today it is used by nearly everybody on the planet. Without computer cryptography, the modern Internet would not be possible. There would be no way to protect messages propagating over untrusted channels. Cryptography is also used locally on computers to protect the privacy of individuals and organizations. It is believed that no entity, no matter how big and powerful, can read messages properly encrypted by the standard and freely available cryptosystems in use today. Later in Section 9.2.2 of this text we will cover some more of the practical uses of cryptography. Cryptography is the bedrock of cybersecurity. It is the primary way data confidentiality and integrity are achieved in cyberspace, and it is also used for an important component of access control: authentication. The next chapter explores access control in depth.
RkJQdWJsaXNoZXIy MTM4ODY=