Another brilliant talk:
DEV307 - New Cryptography: Algorithms, APIs, and Architecture Thursday, June 7 9:45 AM - 11:00 AM, S220 E Speaker(s): Rafal Lukawiecki
Rafal enumerated past and current cryptography algorithms, giving an opinionated (but very funny) overview of mechanisms available to date. He completed his presentation with the description of the Microsoft implementation of NSA Suite-B in Vista: the NGC API. He gave a Win32 demo of how to encrypt with the NGC API. It was very dense, packed with information but went down quite well because he managed to keep the audience laughing every 3 minutes.
According to Rafal,
- If you're not using Vista, you should use:
- AES128 - resists to power analysis (cracking a code by measuring energy consumption of the CPU).
- RSA2048 (although slow for key generation)
- Avoid:
- DES. unless it is for Obfuscation.
- Triple DES: sounds better but is not. It is slow.
- IDEA
- RCU and RC5 (Ron Rivest)
- Blowfish, Twofish – ok but not a standard · CAST and GOST.
- Advice for developers:
- Rely on cryptosystems, do not write it yourself.
- Never write a loop that encrypts and encrypts: this can be cracked.
- Do not download libraries.
- Within the Microsoft OS: use CAPI 2.0 (CAPI 1.0 is deprecated). The .NET Framework wraps around CAPI.
- NSA Suite-B is supposed to replace all other algorithms.
- It will be available for military as well as civil use.
- Available in Windows Vista and Server 2008 as part of the NGC API.
- It is an Open API (which means you can plug-in more implementations)
- Works in kernel-mode (better performance).
- 2 Flavours: a B-API where key crypto is done by OS, N-API where crypto is done by a smartcard.
No comments:
Post a Comment