Crypto is Not the Be All and End All for Security #rsac
Page 1 of 1
Adi Shamir, co-inventor of the RSA cryptographic algorithm, challenged his fellow co-inventor Ron Rivest and Whit Diffie, co-inventor of the Diffie-Hellman algorithm, during a keynote panel session at the RSA 2013 conference.
"Cryptography is becoming less important," Shamir flatly stated to the shock of his fellow panelists. "In the 21st century, even the most secure isolated systems have been penetrated."
Shamir challenged his fellow panelists and the capacity RSA conference crowd to rethink the question of how enterprises protect data. He argued that the security industry has traditionally based its approaches on the idea of preventing the insertion of malicious threats onto a system. This idea led to the creation of firewall and anti-virus software.
In recent years, however, hackers have demonstrated the ability to get past the perimeter firewall and avoid anti-virus detection as well. In an environment where attackers are placing advanced persistent threats (APTs) on systems, Shamir thinks that crypto is no longer useful.
"It's very hard to use crypto if you assume an APT is watching everything that is being done on a system, including the encryption," Shamir said.
Shamir suggested that security pros think in a different way, about how to protect systems. One idea he mentioned: Make useful files so large it would not be feasible for attackers to remove them from a system without detection. He also suggested that all file names should have no real identity and use meaningless titles.
Whitfield Diffie retorted that the latter idea wouldn't work and would only serve to confuse the good guys.