From a cryptography point of view, the cryptography in use now is good enough for the foreseeable future. It takes an amazing amount of effort to break ciphers now and with longer key lengths brute force attacks become exponentially more difficult. It really is as simple as doubling key length to keep ahead of the processing power and new brute force attacks that can be made on a key. With that said, enterprises and e-commerce providers do have the cryptography that can keep them secure for a very long time.
What does have to change in cryptography is how the crypto keys are managed and protected. While it is very hard to break a key, the real threat lies in key management and distribution of the keys. Grid computing cracking a key should not worry a CSO. A key left unprotected for a rogue employee to openly steal, should.
And more and more systems and services will be using cryptography, which will exacerbate the management problem. Web services are a perfect example of how the need for key management will be the real next gen need for cryptography. Being able to have keys be used across networks, quickly change with organizational changes, managing the life cycle of a key from birth to death. Those are the issues that will have to be dealt with and what our customers need. These other technologies, such as quantum and photonic encryption, are more science fiction then science fact right now and use of them in any practical way will not happen for many years.
What developments does nCipher envisage in 2003?
One of the areas that we will be working more specifically on is integrating our products with vendors that are marketing the highest levels of cryptography and security. There will be a market for customers that want to tell the world that they have the most secure networks available and people may well be prepared to pay a premium for working with these secure networks. Protecting and managing keys in hardware is simply best practice security and this is what we do best. We will continue to work to integrate our products with vendors that are looking to benefit from selling security as a marketable differentiator.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.