• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Going beyond Public/Private Key Cetrificates and encryption

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

View previous topic :: View next topic  
Author Message
Gerhardsa
Just Arrived
Just Arrived


Joined: 29 Jul 2010
Posts: 0


Offline

PostPosted: Thu Jul 29, 2010 11:17 am    Post subject: Going beyond Public/Private Key Cetrificates and encryption Reply with quote

Hi there guys.
a quick question or two.
In this technology and information world we live in, security in ICT is of the utmost importance.
My question...
Just as Public key encryption and certificates have made the information and internet world safer security wise, what would be the logical progression in the security with regards to improving certificates Public/Private keys? what type of encryption tech would be the next in line with regards to enhancing internet security...is there another quantum leap in this field on the horizon or not? Is this as good as it gets?

Thanks
G
Back to top
View user's profile Send private message
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Thu Jul 29, 2010 2:54 pm    Post subject: Reply with quote

Hi Gerhardsa,

As someone who works in crypto I certainly wouldn't say that
Quote:
Public key encryption and certificates have made the information and internet world safer security wise


It has the potential to do so but its implementation is minute and often poorly done. I suspect that you are mainly referring to SSL. Which relies too much on human processes.

With regards whats going to be the next logical step with encryption, thats a small component of a bigger security framework, PKI. I know some people shy away from using that TLA and some would say that PKI is dead but I would say not. Encryption is just a small part of a PKI. From the encryption standpoint think about full disk encryption, email encryption and SSL. All of these facets have to be managed from a life cycle perspective.

So whats next, well if you look at the past
90's - Encryption available
00's - Encryption usable
10's - Encryption manageable

So for me, the big thing is making it manageable. That also means removing the human element. Just this about the padlock in IE, how has this changed over the years. Any dodgy SSL cert is now seriously flagged to the user. Previously this was ignored by developers and end users as it wasn't considered a risk. We have a very long way to go but I certainly see a future where all binaries are signed, all emails are encrypted and verified and users don't have to do anything.

FireAnt
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register