Page 559 - StudyBook.pdf
P. 559

Basis of Cryptography • Chapter 9  543


                   their discovery approaches zero. Rather than trying to guess a key’s value,
                   it’s far easier for would-be attackers to  steal the key from where it’s
                   stored, so extra precautions must be taken to guard against such thefts.
                        Cryptosystems are similar to currency—people use them because
                   they have faith in them. You can never prove that a cryptosystem is
                   unbreakable (it’s like trying to prove a negative), but you can demon-
                   strate that the cryptosystem is resistant to attacks. In other words, there
                   are no perfect cryptosystems in use today, but with each failed attempt
                   at breaking one, the strength of the faith grows. The moment a cryp-
                   tosystem is broken (and knowledge of that is shared), the system col-
                   lapses and no one will use it anymore. The strongest systems resist all
                   attacks on them and have been thoroughly tested for assurances of their
                   integrity. The strength of a cryptosystem is described in the size and the
                   secrecy of the keys that are used, rather than keeping the algorithm itself
                   a secret. In fact, when a new cryptosystem is released, the algorithms are
                   also released to allow people to examine and try to create an attack
                   strategy to break it (called cryptanalysis). Any cryptosystem that hasn’t
                   been subjected to brutal attacks should be considered suspect. The recent
                   announcement by the NIST of the new AES to replace the aging DES
                   system (described earlier), underscores the lengths to which cryptogra-
                   phers will go to build confidence in their cryptosystems.


                 Digital Signatures

                 Digital signatures serve to enforce data integrity and non-repudiation.A digital sig-
                 nature ensures that the message received was the message sent, because a hash was
                 performed on the original message using a hashing algorithm.The hash value cre-
                 ated by this process is encrypted by the author’s private key and appended to the
                 message.To verify that the message has not been modified, the recipient uses the
                 author’s public key to decrypt the hash created by the author.The recipient also
                 creates a hash of the message body. If the recipient’s hash matches the hash created
                 by the author of the message, the recipient knows that the message is unaltered.
                 Refer to Figure 9.2 for the digital signature verification process.














                                                                              www.syngress.com
   554   555   556   557   558   559   560   561   562   563   564