Friday, March 02, 2007

Are you handling health information or credit cards? 

Government and private-sector regulations are pushing people to encrypt sensitive data.

I've been saying for a while that encryption doesn't solve a single problem. It simply changes the problem, ideally to one that's easier to manage. The problem of keeping data confidential changes to the problem of keeping crypto keys confidential.

Simply keeping that in mind will help you avoid several of crypto expert Anton Chuvakin's five mistakes of data encryption.

His other points have to do with the "build or buy" decision. For crypto, the answer is "buy" or, in the case of free software, "reuse": plenty of superb crypto software is available at no charge ("free as in free beer") on openhanded license terms ("free as in free speech"). You don't want to roll your own because crypto is the easiest thing in the world to mess up without knowing that you've goofed. Use something that someone else has tested, preferably for years and with many outside reviewers.
