A well-known security meme is that “encryption is easy, it’s key management that’s hard.” But while this may be true for certain encryption use cases, it’s most definitely not true across the board. It’s a convenient meme for vendors, of course, who’ll simply point at a “we use AES” or “we’re FIPS 140-2 validated” statement and call it good. But for the end user this nothing short of unhelpful.
Understanding cryptography is hard, and validating a system where the core crypto is only one small part of a large, critical system is even harder. One of the largest problems in my opinion is the scope of FIPS 140-2. First off, the lowest level (1) doesn’t mean much in terms of how well the crypto system is implemented. But furthermore, it creates validation only for part of the entire solution. As an example, see a 2010 incident where FIPS 140-2 level 2 validated USB flash drives were compromised completely.
To get a better handle on crypto, current customers might review the just-updated “Understanding and Evaluating Cryptographic Systems: An Information Security Foundation” [subscription required] for a more complete picture. The evaluation includes algorithms, protocols, key generation, but also – very important – the overall system itself:
Proper design and implementation of cryptography are challenging, even when secure algorithms and protocols are used. Misapplied or incorrect hardware, software and architecture can all reduce or negate cryptographic security.
in the end, the strength of the system is just one piece of the puzzle. A more fundamental problem, and one that needs to be addressed before the crypto system evaluation starts is that the power of encryption is grossly overestimated. And I will address that in a series future posts.