Avoid security through obscurity


When you are considering buying a crypto product demand that you get a clear written description of the cryptographic essentials of the product - this can be a number identifying a patent or another written description. The purpose of this is to enable the verification of the claimed cryptographic properties. Also when new crypto attacks become known their effectiveness against the product can be checked via the description. The software vendor will also be more willing to improve the defenses when the newly discovered vulnerabilities are publicly known.

The hiding of the security design principles is not a good idea – this is called security through obscurity. In cryptography it must be assumed that eventually the design will become known to the opponent and it is much better if the design has been analyzed by many people before this happens.

The software vendor should also have analyzed the consequences of certain possible successful attacks and what damage they cause to the security. Especially attacks that can be made possible via human error or dishonesty are important. In practice this means that the vendor must consider what damage a successful hacking into user’s computer or into a server (if one is used) can cause. In the light of recent attacks against the SSL/TLS protocol one should have analyzed the consequences of fake certificates. Recent revelations of how a government compels companies to give user data in servers should discourage the storing of sensitive data to third party servers – certainly in the case that the data is in unencrypted form even for a millisecond time and much consideration should be given also to the (seemingly more secure) case where the data is encrypted and the keys are only in the hands of the true owner of the data. If at later time the encryption keys can be stolen the stored data in third party servers may become vulnerable – depending on the cryptosystem’s design.

Essential things:

The general workflow, how the keys are derived, standards used, used ciphers and their modes of operation.