SAN FRANCISCO—What do the world’s greatest cryptographers think about the current state of information security? At a panel at the RSA Conference Feb. 25, the discussion began with the National Security Agency (NSA) disclosures about surveillance of Americans.
Adi Shamir, professor in the computer science department at the Weizmann Institute of Science in Israel and the “S” in RSA, said he was not surprised by the NSA disclosures. “Everyone assumed that the NSA has lots of tools and abilities,” Shamir said. “Tactically, the disclosure is a treasure trove, and it is fascinating to read about the exploits.”
Whitfield Diffie, who currently serves on the advisory board at SafeLogic, said he was disturbed by the revelation that the NSA would attempt to tamper with security standards in order to gain advantage. “I grew up in an era where I believed the government was 100 percent interested in the security of American communications,” Diffie said.
Ron Rivest, professor of computer science at the Massachusetts Institute of Technology and the “R” in RSA, said that, fundamentally, a democracy needs an informed public to know about what the government is doing.
“We are still at a really early stage of understanding what role government should play in the privacy of citizens,” Rivest said.
There is, however, a silver lining for cryptographers in the recent NSA disclosures.
There is no indication that the NSA was able to break any of the major cryptographic systems in use today, Shamir said. The reports indicate that the NSA had to use different implementation techniques and software trap doors, but there is nothing indicating that the NSA was able to break the mathematics, he added.
“It’s the applications and endpoint security which is suffering,” Shamir said.
Forward Secrecy
One of the ways that current cryptographic security deployments can be further improved is by implementing a technique known as “forward secrecy.”
Diffie explained that forward secrecy is the notion that cryptographic keys should be ephemeral rather than long-lasting. “So if someone learns your key today, they won’t know what your key was yesterday or what it will be tomorrow,” Diffie said. “It’s a very desirable technique to limit attack penetration.”
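The property Diffie describes can be shown with an added example that is not part of the original article: it compares how many recorded sessions fall to one leaked server secret when the server reuses a static Diffie-Hellman key versus generating a fresh one per session. The group parameters `P` and `G`, the function names and the three-session scenario are assumptions made for illustration, and the 127-bit group is a toy.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): 2**127 - 1 is prime but far too
# small for real use. Deployments use X25519 or MODP groups of 2048+ bits, and
# authenticate the exchange with a separate long-term signing key.
P = 2**127 - 1
G = 3

def keypair():
    """Return a fresh (private, public) Diffie-Hellman pair."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Derive a symmetric session key from the DH shared value."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_sessions(n, ephemeral):
    """Simulate n sessions (one per 'day').

    Returns (transcript, keys, server_secrets):
      transcript     - (client_pub, server_pub) per session, as a passive
                       recorder on the wire would capture it
      keys           - the session keys actually used
      server_secrets - the server private value in use for each session
    """
    static = keypair()
    transcript, keys, server_secrets = [], [], []
    for _ in range(n):
        s_priv, s_pub = keypair() if ephemeral else static
        c_priv, c_pub = keypair()  # the client is always ephemeral here
        keys.append(session_key(s_priv, c_pub))
        transcript.append((c_pub, s_pub))
        server_secrets.append(s_priv)
    return transcript, keys, server_secrets

def recoverable(transcript, keys, leaked_priv):
    """Indices of recorded sessions whose key falls to one leaked secret."""
    return [i for i, (c_pub, _) in enumerate(transcript)
            if session_key(leaked_priv, c_pub) == keys[i]]

if __name__ == "__main__":
    for mode in (False, True):
        t, k, s = run_sessions(3, ephemeral=mode)
        label = "ephemeral" if mode else "static"
        print(label, "-> sessions exposed by today's leak:", recoverable(t, k, s[-1]))
```

With a static server key, the secret in use today is the same one used on every earlier day, so recorded traffic from all three sessions is exposed; with per-session keys, only the session whose secret leaked is.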
Bitcoin
The RSA cryptographers panel also discussed the current cryptocurrency environment and the rise of Bitcoin.
Although there is a lot of potential with Bitcoin, many things are going wrong with it, Shamir said. The promise of decentralization doesn’t really exist with Bitcoin, and security is also a major concern as Bitcoin wallets that store currency are often attacked, he said.
“The currency of the Internet cannot be kept on the Internet,” Shamir said.
Both Shamir and Diffie said the security of digital wallets isn’t seen as being particularly robust.
“Your [physical] wallet is more secure than any computer you use,” Diffie said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.