|
PKI – the public key infrastructure
- Security
Engineering
- Ross
Anderson
- 2001, New York, NY: John Wiley & Sons
- The
Code Book
- Simon
Singh
- 1999, London, UK: Fourth Estate
- CESG
(The "information
assurance arm" of GCHQ)
- In 1973, inspired by the pioneering work of James Ellis a few years
earlier, Cliff Cocks of CESG invented the first practical method for
what we now call public key cryptography (PKC). The technology was subsequently
discovered independently and developed into RSA; it was not until 1997
that it was publicly revealed that CESG had got there first!
- Glossary
- Netscape glossary of PKI terms
- What
is a PKI?
- The comprehensive system required to provide public-key encryption
and digital signature services is known as a public-key infrastructure.
- PGP Desktop
Security, Appendix C
- "If all the personal computers in the world—260 million—were
put to work on a single PGP-encrypted message, it would still take an
estimated 12 million times the age of the universe, on average, to break
a single message.” —William Crowell, Deputy Director, National Security
Agency, March 20, 1997.
- X.509
Certificates and Certificate Revocation Lists (CRLs)
- In One Sentence: What is a Certificate?
- Ten
Risks of PKI: What You're not Being Told about Public Key Infrastructure
- Computer security has been victim of the "year of the..." syndrome.
First it was firewalls, then intrusion detection systems, then VPNs,
and now certification authorities (CAs) and public-key infrastructure
(PKI). "If you only buy X," the sales pitch goes, "then you will be
secure." But reality is never that simple, and that is especially true
with PKI.
- Are
your secrets safe?
- ... Two cryptographers have discovered that the randomness of the
"keys" that are used to encode encrypted documents could be their downfall
... The more random a private signature key is, the harder it is to
crack encrypted files. But by scanning hard drives for chunks of data
that are particularly random, the pair found that it is possible to
weed out keys stored on a disc. Most programs organise data into some
sort of level of structure, so blocks of randomness stand out and can
be spotted with the same ease that a human eye can tell the difference
between a good TV picture from one with lots of interference ... "It
would be possible to write a program that searches the hard disc automatically
and sends the key to the villain," says van Someren. This, he says,
could be carried out by a virus that runs only when the screensaver
is on, making it extremely difficult for the user to detect. A running
screensaver could contain viral code that would tell a hacker when the
user is away from their desk—and thus wouldn't notice the computer slowing
down as the virus hunts for keys.
|