Product Description
Niels Ferguson (Amsterdam, Netherlands) is a cryptographic engineer and consultant at Counterpane Internet Security. He has extensive experience in the creation and design of security algorithms, protocols, and multinational security infrastructures. Previously, Ferguson was a cryptographer for DigiCash and CWI. At CWI he developed the first generation of off-line payment protocols. He has published numerous scientific papers.
Bruce Schneier (Minneapolis, MN) is Founder and Chief Technical Officer at Counterpane Internet Security, a managed-security monitoring company. He is also the author of Secrets and Lies: Digital Security in a Networked World (0-471-25311-1).
From the Back Cover
In today's world, security is a top concern for businesses worldwide. Without a secure computer system, you don't make money, you don't expand, and, bottom line, you don't survive. Cryptography holds great promise as the technology to provide security in cyberspace. Amazingly enough, no literature exists about how to implement cryptography and how to incorporate it into real-world systems. With Practical Cryptography, an author team of international renown provides you with the first hands-on cryptographic product implementation guide, bridging the gap between cryptographic theory and real-world cryptographic applications.
This follow-up guide to the bestselling Applied Cryptography dives in and explains the how-to of cryptography. You'll find discussions on:
- Practical rules for choosing and using cryptographic primitives, from block ciphers to digital signatures
- Implementing cryptographic algorithms and systems in a secure way on today's computers
- A consistent design philosophy to ensure that every part of the system achieves the required security level
- Why security affects every part of the system, and why it has to be a primary goal of the project
- How simple interfaces for cryptographic primitives reduce system complexity and increase system security
About the Author
BRUCE SCHNEIER is founder and chief technical officer at Counterpane Internet Security, a managed-security monitoring company. A world-renowned scientist, security expert, and lecturer, he is the author of Secrets and Lies: Digital Security in a Networked World and Applied Cryptography (both from Wiley).
Excerpted from Practical Cryptography by Ferguson. Copyright © 2003. Reprinted by permission. All rights reserved.
This book is about security: about how to build secure cryptographic systems. In this book, we are fanatical about security. There is a good reason for this. In all our years of working in this field, we have yet to see an entire system that is secure. That's right. Every system we have analyzed has been broken in one way or another. There are always a few components that are good, but they invariably get used in insecure ways.
If we as a society want to secure our digital future, we will all need to shape up and do better. It is our hope that this book can contribute to that.
This book gives you a great deal of practical information about cryptographic systems, but none of that matters unless we can convince you that security is important enough to do right. Doing it right means being ruthless in many other areas. This will be hard to adjust to. It took us many years to become ruthless enough. There is no point in having just a bit of security. That is like putting up half a fence around a yard, or locking only your front door and leaving your back door wide open. Security is a system property you cannot compromise on. One hole in the fence is all it takes. So everything else has to give way to create enough room for security. From experience, we know that this is a tough sell in the IT industry. Yet it will have to be done if we want to be safe in our digital world.
OUR DESIGN PHILOSOPHY
The Evils of Performance
The bridge over the Firth of Forth in Scotland has to be seen to be believed. A 19th century engineering marvel, it is mind-numbingly large (and therefore expensive) compared to the trains that cross it. It is so incredibly overengineered it is hard to believe your eyes. Yet the designers did the right thing. They were confronted with a problem they had not solved successfully before: building a large steel bridge. They did an astoundingly good job. They succeeded spectacularly; their bridge is still in use today over a century later. That's what good engineering looks like.
Over the years, bridge designers have learned how to build such bridges much more cheaply and efficiently. But the first priority is always to get a bridge that is safe and that works. Efficiency, in the form of reducing cost, is a secondary issue.
We have reversed these priorities in computer security. The primary design objective all too often includes very strict efficiency demands. The first priority is always speed, even in areas where speed is not important. This leads to security cost-cutting, and security is an area of engineering where we really don't have the skills to build a good system even if we are given an unlimited budget. The result is invariably a system that is somewhat efficient, and inevitably a system that is not secure.
There is another side to the Firth of Forth bridge story. In 1878, Thomas Bouch completed the then-longest bridge in the world across the Firth of Tay at Dundee. Bouch used a new design combining cast iron and wrought iron, and the bridge was considered to be an engineering marvel. On the night of December 28, 1879, less than two years later, the bridge collapsed in a heavy storm as a train with 75 people on board crossed the bridge. All perished. It was the major engineering disaster of the time.1 So when the Firth of Forth bridge was designed a few years later, the designers put in a lot more steel, not only to make the bridge safe but also to make it look safe to the public.
We all know that engineers will sometimes get a design wrong, especially when they do something new. And when they get it wrong sometimes people are killed. But here is a good lesson from Victorian engineers: if it fails, back off and become more conservative. The computer industry has forgotten this lesson. When we have very serious security failures in our computer systems, and we have them every week or so, we just plod along, accepting it as if it were fate. We don't go back to the drawing board and design something more conservative. We just keep throwing a few patches out and hoping this will solve the problem. That is disgraceful.
1. William McGonagall wrote a famous poem about it, ending with the lines "For the stronger we our houses do build/The less chance we have of being killed." Advice that is still highly relevant today.
By now it will be quite clear to you that we will choose security over efficiency any time. How much CPU time are we willing to spend on security? Almost all of it. We wouldn't care if 90% of our CPU cycles were spent on a reliable security system. The lack of computer security is a real hindrance to us, and to most users. That is why people still have to send pieces of paper around with signatures, and why they have to worry about viruses and other attacks on our computer. Digital crooks of the future will know much more and be much better equipped, and computer security will become a larger and larger problem. We have only seen the very beginning of the digital crime wave. If we want to keep using the Internet for business transactions, we will have to secure our computers much better.
There are of course many ways of achieving security. But as Bruce extensively documented in Secrets and Lies, good security is always a mixture of prevention, detection, and response [7]. The role for cryptography is in the prevention part....