Need help with discussion questions

[EonsNearby]

I am in a Computer Network Security class, and I have to answer 2 different discussion questions (each answer has to be about a page long). I am having trouble with one of them (the other I have yet to try to answer), so I was wondering if someone could help me with the question. Here it is:

 

Most of the encryption standards that are being used such as RSA and DES have not been formally proven to be safe. Why then do we take them to be secure - what evidence do we have?

 

Any help will be appreciated.

 

 

[Bignose]

EN, this forum doesn't just do homework problems for people. What we will do is discuss your answers, your thoughts, and point out improvements or errors we see.

 

So, the real question is: what have you done to try to answer this question yourself? What are your thoughts? What research have you done on the subject?

[EonsNearby]

I've only been looking into RSA and DES since that is what the question has specified. The only real reasons I have come up with as to why people use them is that they are both very common encryption algorithms and they are easier to "change" than other, more secure encryption algorithms.

[EonsNearby]

My main problem is that I can't really find anything about why people use "insecure" encryption algorithms (aside from my 2 initial ideas, but I can't really stretch that to 1 page). All I can really find out is what some widely used, "insecure" encryption algorithms are and why they are "insecure".

Edited January 10, 2013 by EonsNearby

[caKus]

Travelling by car or aircraft is "unsafe". But many people do it because they think it is "reasonably safe".

 

Try to determine if using DES or RSA is "reasonably secure" or not, for civil applications (internet purchase, current bank operation, business communications...).

 

Another hint : in my country (France) before 2004, usage of encryption was regulated for security reasons : only some encryption systems were allowed for private use. Import and export of encryption system are still regulated.

[EonsNearby]

Okay, I am able to find out that use of those encryption schemes is secure enough for some services, but I still cannot fill out 1 page with it. This all I am able to come up with:

 

 

Question 2

This is similar to asking why people drive in cars or fly in airplanes even though they are dangerous. I think that the primary reason is that they are reasonably secure for civil applications. There are also several widely used encryption algorithms that are easy to modify, to make breaking them difficult. For example, DES can be made incredibly difficult and expensive to hack. If the number of possible keys is adequately large enough, “to dissuade the attacker from attempting exhaustively testing keys, and no easier attack on the algorithm can be found, then the designer of the algorithm has succeeded in providing adequate security.” [1] DES is also the only publicly available encryption algorithm to have been endorsed by the U.S. government. [1] In regards to RSA, there are some benefits it has that make it popular. For one, its key size can be increased to make hacking take longer. Also, anyone can use it without having to pay any fees, even if it is used in a private or commercial product. RSA can also perform encryption, decryption, and signature verification with the same two functions.

 

Works Cited

[1] http://media.johnwiley.com.au/product_data/excerpt/28/07803535/0780353528.pdf

[

 

I also don't really get your hint. Is encryption itself still regulated in your country, or is it just the import and export of encryption systems? Also, were the encryption techniques "insecure" like DES and RSA?

[caKus]

Perhaps could you add some information about the difficulty to break DES and RSA according to the length of the key. Has RSA with a key of 2048 bits been cracked, yet ? RSA Security pretends it is safe up to 2030. You may do some research on this.

 

 

I also don't really get your hint

Sorry if I wasn't clear. What I meaned is that in some countries, legal considerations may limit the use of encryption algorithms : in France, before 2004, DES and RSA were allowed, but the lenght of keys was legally limited to a max of 128 bits. I didn't check but heard that it is still limited to 2048 bits.

 

Import and export of encryption software are regulated (IMO, in most countries). So, even is a secure encryption system exists in the USA, one may not be allowed to import it in his own country (assuming he is not a US citizen) and will have to cope with a less secure algorithm.