The future of security (bulk reply, long)

Joseph Ashwood ashwood at
Sat May 8 23:04:34 EDT 2004

I've moved this to the top because I feel it is the most important statement
that can be made.
Hadmut said:
> Security doesn't
> necessarily mean cryptography.

----- Original Message ----- 
From: "Hadmut Danisch" <hadmut at>
Subject: Re: The future of security

> On Mon, Apr 26, 2004 at 08:21:43PM +0100, Graeme Burnett wrote:
> >
> > Would anyone there have any good predictions on how
> > cryptography is going to unfold in the next few years
> > or so?  I have my own ideas, but I would love
> > to see what others see in the crystal ball.

> - I don't expect that there will be much progress in
>   maths and theory of cryptography. Very few inventions
>   will make it out of the ivory tower, if any at all.

I actually expect quite the opposite: we seem to be reaching an age in
cryptanalysis where we are developing techniques faster than they can be
functionally applied, and the speed of development is only increasing here.
We've now gone from a time when we were seeing a new functional attack about
every five years (differential to linear), to now just during the AES
selection process we had a number of potential new avenues opened up. I
expect this trend to continue for a while, and the news that this generates
should bring greater light, and more active people to studying cryptography.
I expect this trend to continue for approximately 1 human generation (about
20 years), but that human nature being what it is, that the second human
generation in this timeframe will have substantially fewer cryptanalytic

>   Key lengths will increase. We'll play RSA with
>   4096 or 8192 bit.

Actually I'm seeing an increasing trend in moving away from RSA and DH
because the keys are becoming too big. The required key length to match the
strength of AES-256 is simply too large to offer functional speed; instead
we're going to have to switch over to the asymptotically superior
encryption/decryption/signing/verifying algorithms. Because of this we should
see a major increase in the research money applied towards public key
techniques; this, compounded with my expected increase in the number of
cryptanalysts, should result in some very interesting times.

> They will find that Quantum Computers
>   may be fast, but still bound to computation complexity.

I agree.

> - SSL/TLS will become even more of a de facto standard in
>   open source software and (new?) protocols. It will make
>   its way into the standard libraries of programming languages
>   (e.g. as it did for Ruby).

Again I have to disagree with you: we're already seeing some backlash
against SSL/TLS, where many people are beginning to see the value in
protecting the data, not the link. This methodology fairly well eliminates
the usability of SSL/TLS; the added complexity of the new PK algorithms will
almost certainly spell doom for the current protocols in use.

> - I don't expect that we'll ever have a common PKI for
>   common people with a significant distribution. It's like
>   with today's HTTPS: The big ones have commercial certificates,
>   plain people use passwords and simple authentication mechanisms
>   (like receiving a URL with a random number by e-mail).

Again I have to disagree. I can only speak for what Trust Laboratories is
doing, but we are at this moment working on projects that will lower the
necessary threshold for PKI implementations (through client proliferation).
This, combined with the already solidly known presence of NGSCB in the
majority of future PCs, should have the added effect that, while
Verisign-like PKI may remain unusual, the availability of what can be
treated as a smartcard in every computer will certainly increase the
availability of PKI to the common man.

> - I guess the most important crypto applications will be:
>     - HTTPS of course

For the short term yes, but longer term I actually think that HTTPS will
diminish; in fact some measurements are already showing a trend where per
capita web usage is already decreasing, so HTTP may soon be decreasing,
leading to an obvious decrease in the usage of HTTPS. This combined with the
"protect the data not the link" movement should have substantial further

>     - portable storage equipped with symmetric ciphers
>       such as USB-Sticks and portable hard disks.

Agreed, but I also think we'll start seeing distributed file systems. I know
we are working on them, and have already had some interest from companies.
These distributed file systems will make use of smart cards (although the
form factor WILL be different). With the proliferation of high speed data
connections (US cell phones are already available at 150 Kbps, and 3G can
bring speeds of up to 1Mbps, in the next few years WiMax, and great future
cell potential e.g. Flarion) I suspect that removable storage will actually
decrease. That leaves moving those USB/removable drives over to distributed
file systems or even in some cases p2p networks (more on this from Trust
Laboratories in the future), which will massively reduce cost. I'm even
expecting that we will see cell phones begin to include streamed audio files
for playback, effectively eliminating the need for large quantities of

>     - VPN routers

Very much agreed. The VPN market will grow substantially, and I believe
again long-term the IPsec market will grow at the expense of the SSL VPN
market. Longer term I'm expecting that within 20 years IPsec will be
outdated by the movement of VPN technology into TCP/IP (or its replacement),
which would at the same time eliminate SSL/TLS.

>     - Voice over IP

Here I'm not so sure about the cryptographic implications. The truth is that
most phone conversations are not worth protecting, and that the common man
does not care about creating coverfire for those that do need it. I'm
actually more expecting that those that do require this will for now run
over TLS (see SIP specification) and that in the future these will be done
over IPsec, until both are outdated.

>     - DRM

Of course.

>     - maybe in digital passports and credit cards

CC is already being done, the Visa 3D-Secure initiative which should become
the Visa requirement (support only, 2008 should see saturation) next year
should vastly improve the situation.

>     - simple auth tokens like RSA SecurID, Aladdin eToken
>       will become more commonly used.

Short term I agree, but longer term there's already a movement that I can't
discuss (sorry guys NDA) where the form factor is changing.

> - As a consequence, I guess that politicians will reopen the
>   1997's discussion of prohibiting strong encryption. They already
>   do.

I'll actually go a step further, I believe that within the next decade we
will see strong cryptography blanketly allowed in virtually every country in
the world. The reasoning is fairly easy to follow, Visa has the ability to
prod as many politicians as they would like, and they have found that strong
cryptography is invaluable to them. They will almost certainly push for
government to step out of the way of cryptographic advances. Although we
will probably see an increase in laws that effectively prevent cryptanalysis
in the short-term, longer-term we will see most of these laws voided.

> - Maybe we'll have less crypto security in future than we have
>   today.
>   5-10 years ago I knew much more people using PGP than today.

I agree there will be casualties in the security area; people are
increasingly using email as equivalent to a phone call and not expecting
security. This means that PGP is likely to become less used, but I also
predict that we will see technologies take its place. For example, for
secured communication secure p2p connections can be used safely, and
businesses tend to like having specific processes that are for security,
which means that such things are kind to business.

It is business that will lead the next crypto revolution as they find that
strong cryptography is of great value to them; already we've seen them adopt
SSL/TLS broadly, with many even using it for purposes where it really isn't
required. This business leadership will continue and many of the
technologies that we'll be using in 5-10 years will have been designed with
businesses in mind instead of revolutionaries.

>   Most modern mail user agents are capable of S/MIME, but it's hard
>   to find someone making use of it. I'm a consultant for many
>   companies, but not a single one of them uses it. Most modern
>   MTAs support TLS, but to my knowledge less than 3% of messages
>   are actually TLS encrypted in SMTP.

I have to agree, S/MIME seems to be becoming extinct even as it becomes
usable for everyone. SMTP over TLS is probably not going to see much action
either, again because of the "protect the data not the link" movement.

>   It's strange, but law will become more important than cryptography.

I see cryptography more acting in support of law in the future. We're
already seeing an impact on cryptography of the Sarbanes-Oxley act, which has
already formed a small boost in the cryptographic security of many companies
(accountability requires strong identification), especially when dealing with
section 404 (generally regarding offshoring, but also applies to remote
offices), and with the requirements for improved reporting speed we should
see a strong increase in the use of computers over postal service, which
will again result in cryptographic security being called in.

From: "Ian Grigg" <iang at>
Subject: Re: The future of security

> I would see these things, in no particular
> order, and no huge thought process applied.
> a.  a hype cycle in QC that will peak in a year
> or two, then disappear as purchasers realise that
> the boxes aren't any different to ones that are
> half the price.

I'm personally not sure that 1-2 years is long enough for that bust cycle; I
suspect more that in about 5 years we'll see more users, simply because
users generally require competition, something that is severely lacking from
QC. But I agree that it will generally be of little use, with the suppliers
becoming niche players, but never quite disappearing.

> b.  much more use of opportunistic cryptography,
> whereby crypto systems align their costs against
> the risks being faced.  E.g., self-signed certs
> and cert caching in SSL systems, caching and
> application integration in other systems.

I absolutely agree, short-term, but I believe longer term that certain
hidden trends will emerge (again sorry NDA, but also trade secrets here)
that will start to move self-signed certs out, simply because hierarchically
signed certs will be just as available, if for no other reason than NGSCB
and the like.

> c.  much less emphasis on deductive no-risk
> systems (PKIs like x.509 with SSL) due to the
> poor security and market results of the CA
> model.

I agree as well. The hierarchically signed certs I mentioned above will only
proliferate because of the hardware sales, but the actual signing party will
be less relied on, as we move more towards "protect the data not the link".

> d.  more systems being built with basic, simple
> home-grown techniques, including ones that are
> only mildly secure.  These would be built by
> programmers, not cryptoplumbers.  They would
> require refits of proper crypto as/if they migrate
> into successful user bases.  In project terms,
> this is the same as b. above - more use of
> opportunistic tactics to secure stuff basically
> and quickly.

I'm not so sure. I think the general programming populace has had "use SSL"
ground into them so far that we'll see a short-term increase in its use;
longer term I think other protocols will take its place, but just as with
the certs, only because it will be easily available and cheaper to implement
than a home-grown solution.

> e.  greater and more costs to browser users
> from phishing [1] will eventually result in
> mods to security model to protect users.  In
> the meantime, lots of snakeoil security solutions
> will be sold to banks.  The day Microsoft decides
> to fix the browser security model, phishing will
> reduce to a "just another risk."


> f.  arisal of mass crypto in the chat field,
> and slow painful demise of email.  This is
> because the chat protocols can be updated
> within the power of small teams, including
> adding simple crypto.  Email will continue to
> defy the mass employment of crypto, although
> if someone were to add a "create self-signed
> cert now" button, things might improve.

I'd suggest instead of "create self-signed cert now" we simply begin signing
every email with a self-signed cert and let the market adapt. Using XML-SIG
or PGP would leave the email still readable by those individuals that have
not switched over. Once the entire population is using self-signed certs for
signing, then we can also begin encrypting. But it's not gonna happen
anytime soon.

The encryption of IM is already happening, with most clients already
supporting corporate servers for security (and encryption either local or at
the server). It should proliferate as the IM solution creators begin to
realize that it simply is not worth maintaining what is effectively two
protocols, so reduce the protocol overhead to one by removing the

> g.  much interest in simple crypto in the p2p
> field, especially file sharing, as the need
> for protection and privacy increases due to
> IP attacks.  All of the techniques will flow
> across to other applications that need it less.

In addition I'm also predicting a split in p2p networks: those designed for
businesses will fully identify the introducer (and possibly the
intermediaries), and those designed for anonymity. Each has its place, but
the business networks will have very little in the way of illegal content,
while the anonymous ones will begin to move towards almost exclusively
illegal content. The reason is simple: if all the legal content you want is
on one network, and that network is available everywhere (again we're
working on it), then there is no reason to place it on the other network. The
unfortunate collateral of this is that the illegal network will be a prime
target for legal attacks, and those that are a part of it will be persecuted
(prosecuted as well, but mostly persecuted).

> h.  almost all press will be in areas where
> "crypto is sure to make a difference."  Voting,
> QC, startups with sexy crypto algorithms, etc.

I agree, the press will go to the startups with all the appeal, but at the
same time I predict that we'll see a proliferation of crypto under
everything. From algorithms to prevent piracy, to secure distributed file
systems, much of the idea in many sectors will be that security is a
necessity and as such it will simply be there.

> i.  Cryptographers will continue to be pressed
> into service as security architects, because it
> sounds like the same thing.  Security architects
> will continue to do most of their work with
> little or no crypto.

Agreed, except for the last part. As the ability to do wire-speed
cryptography continues to spread I actually believe that we'll see
cryptography spread, because there will be no reason not to use it, and it
increases the paranoia allowed in the system.

> j.  a cryptographic solution for spam and
> viruses won't be found.  Nor for DRM.

Spam and viruses will not be defeated in the lifetime of any living person,
unless email completely disappears (which would only get rid of spam).
Viruses are here to stay, but the immune system for computers will become
better, leading to greater difficulty in writing viruses (this of course
assumes that either Windows shapes-up or is eliminated).

DRM is a different story. I believe a solution will be found, but not down
the current investigation avenues. I think instead we will see light-weight
DRM used to supplement legal and education activities, along side progress
towards deriving revenue from the "illegal" content. This revenue from
unlicensed content will allow DRM to be used only half-heartedly, and only
to stop huge-scale distribution.

I still foresee cryptography everywhere, but I also see it being generally
hidden, similar to the safety provided by the airbag in a car.

Trust Laboratories
Changing Software Development

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at