nCircle.com >> 360 Security

« Mobility comes at a cost? | Main | SCADAGard SIG To Be Established »

Expiration Dates for Encryption Algorithms?

Two recent events have got me thinking about encryption. First, SHA-1 was broken. Second, the 40th Anniversary of Moore's Law passed. When you put these two things together, it reminds you that encryption isn't static. Algorithms still get broken, still have problems. As computing systems get faster (and they certainly do), brute force attacks on encryption become faster as well.

At one point, not too long ago, it took days to crack a WEP key. This month, these FBI agents accomplished the task on a 128 bit WEP key in 3 minutes. The point here is that these attack vectors on encryption algorithms won't go away, ever. Systems for encrypting data have expiration dates. They may not be fixed dates and they may not be known dates, but they're out there somewhere.

Which brings us around to system design and architecture. If you design a system that relies on a particular encryption method, you better also consider how you're going to upgrade when that expiration date suddenly appears.

Posted by Tim Erlin on April 21, 2005 8:08 AM |

Search


About

This page contains a single entry from the blog posted on April 21, 2005 8:08 AM.

The previous post in this blog was Mobility comes at a cost?.

The next post in this blog is SCADAGard SIG To Be Established.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]