This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
The Virtues of Mature and Minimalist Cryptography
July/August 2008 (vol. 6 no. 4)
pp. 62-65
Justin Troutman, Extorque Cryptographic Services
This installment of Crypto Corner takes a concise look at some of the issues responsible for why cryptography usually ends up looking bad, in practice, and fails to establish the right threat model, let alone realize it. Ultimately, this failure is largely due to a lack of cryptographic competence and the dreaded habit of crammed-in-and-cobbled-together design.

1. S.M. Bellovin, "Problem Areas for the IP Security Protocols," Proc. 6th Conf. Usenix Security Symp., Usenix Assoc., 1996, pp. 1–16.
2. S. Vaudenay, "Security Flaws Induced by CBC Padding," Proc. Int'l Conf. Theory and Applications of Cryptographic Techniques, Springer-Verlag, 2002, pp. 534–546.
3. J. Black and H. Urtubia, "Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption," Proc. 11th Usenix Security Symp., Usenix Assoc., 2002, pp. 327–338.
4. J. Daemen and V. Rijmen, The Design of Rijndael: The Advanced Encryption Standard, Springer-Verlag, 2002.
5. M. Bellare and C. Namprempre, "Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm," Proc. 6th Int'l Conf. Theory and Application of Cryptology and Information Security, (AsiaCrypt 00), Springer-Verlag, 2000, pp. 531–545.
6. H. Krawczyk, "The Order of Encryption and Authentication for Protecting Communications (or: How Secure is SSL?)," Proc. 21st Annual Int'l Cryptology Conf. Advances in Cryptology, Springer-Verlag, 2001, pp. 310–331.
7. M. Dworkin, Recommendation for Block Cipher Modes of Operation: Methods and Techniques, special publication 800-38A, US Nat'l Inst. Standards and Tech., 2001.
8. M. Dworkin, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, special publication 800-38B, US Nat'l Inst. Standards and Tech., 2005.
9. M. Bellare, P. Rogaway, and D. Wagner, The EAX Mode of Operation: Fast Secure Encryption, Springer-Verlag, 2004, pp. 389–487.
10. R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, 2001.

Index Terms:
cryptography, authenticated encryption, recycling primitives, Advanced Encryption Standard, AES, Crypto Corner
Citation:
Justin Troutman, "The Virtues of Mature and Minimalist Cryptography," IEEE Security & Privacy, vol. 6, no. 4, pp. 62-65, July-Aug. 2008, doi:10.1109/MSP.2008.99
Usage of this product signifies your acceptance of the Terms of Use.