I've moved this to the top because I feel it is the most important statement that can be made. Hadmut said:

> Security doesn't
> necessarily mean cryptography.
----- Original Message -----
From: "Hadmut Danisch" <[EMAIL PROTECTED]>
Subject: Re: The future of security

> On Mon, Apr 26, 2004 at 08:21:43PM +0100, Graeme Burnett wrote:
> >
> > Would anyone there have any good predictions on how
> > cryptography is going to unfold in the next few years
> > or so? I have my own ideas, but I would love
> > to see what others see in the crystal ball.

> - I don't expect that there will be much progress in
> maths and theory of cryptography. Very few inventions
> will make it out of the ivory tower, if any at all.

I actually expect quite the opposite; we seem to be reaching an age in cryptanalysis where we are developing techniques faster than they can be functionally applied, and the speed of development is only increasing here. We've now gone from a time when we were seeing a new functional attack about every five years (differential to linear) to now, just during the AES selection process, we had a number of potential new avenues opened up. I expect this trend to continue for a while, and the news that this generates should bring greater light, and more active people, to studying cryptography. I expect this trend to continue for approximately 1 human generation (about 20 years), but, human nature being what it is, the second human generation in this timeframe will have substantially fewer cryptanalytic advances.

> Key lengths will increase. We'll play RSA with
> 4096 or 8192 bit.

Actually I'm seeing an increasing trend in moving away from RSA and DH because the keys are becoming too big.
The required key length to match the strength of AES-256 is simply too large to offer functional speed; instead we're going to have to switch over to the asymptotically superior encryption/decryption/signing/verifying algorithm. Because of this we should see a major increase in the research moneys applied towards public key techniques; this, compounded with my expected increase in the number of cryptanalysts, should result in some very interesting times.

> They will find that Quantum Computers
> may be fast, but still bound to computation complexity.

I agree.

> - SSL/TLS will become even more of a de facto standard in
> open source software and (new?) protocols. It will make
> its way into the standard libraries of programming languages
> (e.g. as it did for Ruby).

Again I have to disagree with you; we're already seeing some backlash against SSL/TLS, where many people are beginning to see the value in protecting the data, not the link. This methodology fairly well eliminates the usability of SSL/TLS, and the added complexity of the new PK algorithms will almost certainly spell doom for the current protocols in use.

> - I don't expect that we'll ever have a common PKI for
> common people with a significant distribution. It's like
> with today's HTTPS: The big ones have commercial certificates,
> plain people use passwords and simple authentication mechanisms
> (like receiving a URL with a random number by e-mail).

Again I have to disagree. I can only speak for what Trust Laboratories is doing, but we are at this moment working on projects that will lower the necessary threshold for PKI implementations (through client proliferation). This, combined with the already solidly known presence of NGSCB in the majority of future PCs, should have the added effect that, while Verisign-like PKI may remain unusual, the availability of what can be treated as a smartcard in every computer will certainly increase the availability of PKI to the common man.
> - I guess the most important crypto applications will be:
>
> - HTTPS of course

For the short term yes, but longer term I actually think that HTTPS will diminish; in fact some measurements are already showing a trend where per capita web usage is already decreasing, so HTTP may soon be decreasing, leading to an obvious decrease in the usage of HTTPS. This combined with the "protect the data not the link" movement should have substantial further impact.

> - portable storage equipped with symmetric ciphers
> such as USB-Sticks and portable hard disks.

Agreed, but I also think we'll start seeing distributed file systems; I know we are working on them, and have already had some interest from companies. These distributed file systems will make use of smart cards (although the form factor WILL be different). With the proliferation of high speed data connections (US cell phones are already available at 150 Kbps, and 3G can bring speeds of up to 1 Mbps; in the next few years WiMax, and great future cell potential e.g. Flarion) I suspect that removable storage will actually decrease. That leaves moving those USB/removable drives over to distributed file systems or even in some cases p2p networks (more on this from Trust Laboratories in the future), which will massively reduce cost. I'm even expecting that we will see cell phones begin to include streamed audio files for playback, effectively eliminating the need for large quantities of flash RAM/storage.

> - VPN routers

Very much agreed; the VPN market will grow substantially, and I believe again long-term the IPsec market will grow at the expense of the SSL VPN market. Longer term I'm expecting that within 20 years IPsec will be outdated by the movement of VPN technology into TCP/IP (or its replacement), which would at the same time eliminate SSL/TLS.

> - Voice over IP

Here I'm not so sure about the cryptographic implications.
The truth is that most phone conversations are not worth protecting, and that the common man does not care about creating coverfire for those that do need it. I'm actually more expecting that those that do require this will for now run over TLS (see SIP specification) and that in the future these will be done over IPsec, until both are outdated.

> - DRM

Of course.

> - maybe in digital passports and credit cards

CC is already being done; the Visa 3D-Secure initiative, which should become the Visa requirement (support only, 2008 should see saturation) next year, should vastly improve the situation.

> - simple auth tokens like RSA SecurID, Aladdin eToken
> will become more commonly used.

Short term I agree, but longer term there's already a movement that I can't discuss (sorry guys, NDA) where the form factor is changing.

> - As a consequence, I guess that politicians will reopen the
> 1997's discussion of prohibiting strong encryption. They already
> do.

I'll actually go a step further: I believe that within the next decade we will see strong cryptography blanketly allowed in virtually every country in the world. The reasoning is fairly easy to follow: Visa has the ability to prod as many politicians as they would like, and they have found that strong cryptography is invaluable to them. They will almost certainly push for government to step out of the way of cryptographic advances. Although we will probably see an increase in laws that effectively prevent cryptanalysis in the short-term, longer-term we will see most of these laws voided.

> - Maybe we'll have less crypto security in future than we have
> today.
>
> 5-10 years ago I knew much more people using PGP than today.

I agree there will be casualties in the security area; people are increasingly using email as equivalent to a phone call and not expecting security. This means that PGP is likely to become less used, but I also predict that we will see technologies take its place.
For example, for secured communication secure p2p connections can be used safely, and businesses tend to like having specific processes that are for security, which means that such things are kind to business. It is business that will lead the next crypto revolution as they find that strong cryptography is of great value to them; already we've seen them adopt SSL/TLS broadly, with many even using it for purposes where it really isn't required. This business leadership will continue, and many of the technologies that we'll be using in 5-10 years will have been designed with businesses in mind instead of revolutionaries.

> Most modern mail user agents are capable of S/MIME, but it's hard
> to find someone making use of it. I'm a consultant for many
> companies, but not a single one of them uses it. Most modern
> MTAs support TLS, but to my knowledge less than 3% of messages
> are actually TLS encrypted in SMTP.

I have to agree; S/MIME seems to be becoming extinct even as it becomes usable for everyone. SMTP over TLS is probably not going to see much action either, again because of the "protect the data not the link" movement.

> It's strange, but law will become more important than cryptography.

I see cryptography more acting in support of law in the future. We're already seeing an impact on cryptography of the Sarbanes-Oxley act, which has already formed a small boost in the cryptographic security of many companies (accountability requires strong identification), especially when dealing with section 404 (generally regarding offshoring, but also applies to remote offices), and with the requirements for improved reporting speed we should see a strong increase in the use of computers over postal service, which will again result in cryptographic security being called in.

From: "Ian Grigg" <[EMAIL PROTECTED]>
Subject: Re: The future of security

> I would see these things, in no particular
> order, and no huge thought process applied.
>
> a. a hype cycle in QC that will peak in a year
> or two, then disappear as purchasers realise that
> the boxes aren't any different to ones that are
> half the price.

I'm personally not sure that 1-2 years is long enough for that bust cycle; I suspect more that in about 5 years we'll see more users, simply because users generally require competition, something that is severely lacking from QC, but I agree that it will generally be of little use, with the suppliers becoming niche players but never quite disappearing.

> b. much more use of opportunistic cryptography,
> whereby crypto systems align their costs against
> the risks being faced. E.g., self-signed certs
> and cert caching in SSL systems, caching and
> application integration in other systems.

I absolutely agree, short-term, but I believe longer term that certain hidden trends will emerge (again sorry, NDA, but also trade secrets here) that will start to move self-signed certs out, simply because hierarchically signed certs will be just as available, if for no other reason than NGSCB and the like.

> c. much less emphasis on deductive no-risk
> systems (PKIs like x.509 with SSL) due to the
> poor security and market results of the CA
> model.

I agree as well; the hier.. certs I mentioned above will only proliferate because of the hardware sales, but the actual signing party will be less relied on, as we move more towards "protect the data not the link".

> d. more systems being built with basic, simple
> home-grown techniques, including ones that are
> only mildly secure. These would be built by
> programmers, not cryptoplumbers. They would
> require refits of proper crypto as/if they migrate
> into successful user bases. In project terms,
> this is the same as b. above - more use of
> opportunistic tactics to secure stuff basically
> and quickly.
I'm not so sure; I think the general programming populace has had "use SSL" ground into them so far that we'll see a short-term increase in its use. Longer term I think other protocols will take its place, but just as with the certs, only because it will be easily available and cheaper to implement than a home-grown solution.

> e. greater and more costs to browser users
> from phishing will eventually result in
> mods to security model to protect users. In
> the meantime, lots of snakeoil security solutions
> will be sold to banks. The day Microsoft decides
> to fix the browser security model, phishing will
> reduce to a "just another risk."

Agreed.

> f. arisal of mass crypto in the chat field,
> and slow painful demise of email. This is
> because the chat protocols can be updated
> within the power of small teams, including
> adding simple crypto. Email will continue to
> defy the mass employment of crypto, although
> if someone were to add a "create self-signed
> cert now" button, things might improve.

I'd suggest instead of "create self-signed cert now" we simply begin signing every email with a self-signed cert and let the market adapt. Using XML-SIG or PGP would leave the email still readable by those individuals that have not switched over. Once the entire population is using self-signed certs for signing, then we can also begin encrypting. But it's not gonna happen anytime soon. The encryption of IM is already happening, with most clients already supporting corporate servers for security (and encryption either local or at the server); it should proliferate as the IM solution creators begin to realize that it simply is not worth maintaining what is effectively two protocols, so reduce the protocol overhead to one by removing the unencrypted.

> g. much interest in simple crypto in the p2p
> field, especially file sharing, as the need
> for protection and privacy increases due to
> IP attacks. All of the techniques will flow
> across to other applications that need it less.

In addition I'm also predicting a split in p2p networks: those designed for businesses will fully identify the introducer (and possibly the intermediaries), and those designed for anonymity. Each has its place, but the business networks will have very little in the way of illegal content, while the anonymous ones will begin to move towards almost exclusively illegal content. The reason is simple: if all the legal content you want is on one network, and that network is available everywhere (again we're working on it), then there is no reason to place it on the other network. The unfortunate collateral of this is that the illegal network will be a prime target for legal attacks, and those that are a part of it will be persecuted (prosecuted as well, but mostly persecuted).

> h. almost all press will be in areas where
> "crypto is sure to make a difference." Voting,
> QC, startups with sexy crypto algorithms, etc.

I agree; the press will go to the startups with all the appeal, but at the same time I predict that we'll see a proliferation of crypto under everything. From algorithms to prevent piracy to secure distributed file systems, much of the idea in many sectors will be that security is a necessity and as such it will simply be there.

> i. Cryptographers will continue to be pressed
> into service as security architects, because it
> sounds like the same thing. Security architects
> will continue to do most of their work with
> little or no crypto.

Agreed, except for the last part. As the ability to do wire-speed cryptography continues to spread I actually believe that we'll see cryptography spread, because there will be no reason not to use it, and it increases the paranoia allowed in the system.

> j. a cryptographic solution for spam and
> viruses won't be found. Nor for DRM.
Spam and viruses will not be defeated in the lifetime of any living person, unless email completely disappears (which would only get rid of spam). Viruses are here to stay, but the immune system for computers will become better, leading to greater difficulty in writing viruses (this of course assumes that either Windows shapes up or is eliminated). DRM is a different story. I believe a solution will be found, but not down the current investigation avenues. I think instead we will see light-weight DRM used to supplement legal and education activities, alongside progress towards deriving revenue from the "illegal" content. This revenue from unlicensed content will allow DRM to be used only half-heartedly, and only to stop huge-scale distribution.

I still foresee cryptography everywhere, but I also see it being generally hidden, similar to the safety provided by the airbag in a car.

Joe
Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]