The future of security

Hadmut Danisch hadmut at danisch.de
Wed Apr 28 14:38:09 EDT 2004 

On Mon, Apr 26, 2004 at 08:21:43PM +0100, Graeme Burnett wrote:
> 
> Would anyone there have any good predictions on how
> cryptography is going to unfold in the next few years
> or so?  I have my own ideas, but I would love
> to see what others see in the crystal ball.



My guess is that it is unpredictable. 
As so many other things, it depends on so many coincidences, 
marketing, politics.

But what I do expect:

- I don't expect that there will be much progress in 
  maths and theory of cryptography. Very few inventions
  will make it out of the ivory tower, if any at all.

  Key lenghts will increase. We'll play RSA with 
  4096 or 8192 bit. They will find that Quantum Computers
  may be fast, but still bound to computation complexity.


- SSL/TLS will become even more of a de facto standard in 
  open source software and (new?) protocols. It will make 
  it's way into the standard libraries of programming languages
  (e.g. as it did for Ruby).

- I don't expect that we'll ever have a common PKI for 
  common people with a significant distribution. It's like 
  with today's HTTPS: The big ones have commercial certificates, 
  plain people use passwords and simple authentication mechanisms
  (like receiving a URL with a random number by e-mail).


- I guess the most important crypto applications will be:

    - HTTPS of course

    - portable storage equipped with symmetric ciphers 
      such as USB-Sticks and portable hard disks. 

    - VPN routers

    - Voice over IP

    - DRM

    - maybe in digital passports and credit cards

    - simple auth tokens like RSA SecurID, Aladdin eToken
      will become more commonly used.      



- As a consequence, I guess that politicians will reopen the
  1997's discussion of prohibiting strong encryption. They already
  do. 


- Maybe we'll have less crypto security in future than we have
  today. 

  5-10 years ago I knew much more people using PGP than today. 

  Most modern mail user agents are capable of S/MIME, but it's hard
  to find someone making use of it. I'm a consultant for many
  companies, but not a single one of them uses it. Most modern 
  MTAs support TLS, but to my knowledge less than 3% of messages 
  are actually TLS encrypted in SMTP.

  It's strange, but law will become more important than cryptograpy. 




As a summary, I don't expect any innovations. Not more than within
the last 10 years.

But I'm pretty sure that security will be more and more important
and that's were I expect innovations and progress. Security doesn't
necessarily mean cryptography.


regards
Hadmut



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list