crypto class design

Alex Alten alex at alten.org
Wed Dec 26 14:23:14 EST 2007


At 06:48 PM 12/18/2007 -0800, Arshad Noor wrote:
>While there are many different ways to approach encryption
>and decryption of sensitive data, you may want to consider
>how you plan to manage the encryption keys before you go
>down this path.

This is prudent.  You should consider how to "securely" integrate
key management with other important components of a security
system, such as identity/authentication, policy adjudication
(policy enforcement should be the encrypt/decrypt itself) and
audit/logging.  Logging is usually very important in financial
firms.  You should also carefully think about how to support
revocation of users (i.e. preventing a revoked user from using
a key to decrypt/encrypt data), and also to support key recovery
of encrypted data under proper authority (say, to comply with
a legal warrant).

Finally, regardless of your design you must carefully weigh and
assess its performance, doing the tradeoff between cryptography
and speed and reliability.  And you need to design it to be robust
in the face of operational failure.

Just my two cents' worth (based on over a decade's worth of
cryptography-based security system design).

- Alex
--

Alex Alten
alex at alten.org
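The design points above (identity checks, policy enforcement carried out by the unwrap/decrypt step itself, user revocation, key recovery under an authority, and audit logging) are easy to state and easy to get wrong in the glue between them. The following is an added example written for this page, not code from the original poster, showing one way those pieces fit together as envelope encryption with per-reader key wrapping. It assumes a stand-in AEAD built from an HMAC-SHA256 CTR keystream plus an encrypt-then-MAC tag so that it runs on the Python standard library alone; a production system would use a real AEAD such as AES-GCM and keep the key-encryption keys in an HSM or KMS. Authentication of the caller is assumed to have happened upstream; the `KeyManager` only sees an already-authenticated identity.

```python
"""Added example: envelope encryption with per-reader wrapped data keys,
revocation by re-wrapping, an authority-held recovery wrap, and an
append-only audit log of every decision (grants and denials alike).

Assumption: the AEAD below is an HMAC-SHA256 CTR keystream with an
encrypt-then-MAC tag, a stand-in for AES-GCM so this runs on the
standard library only.  Not the original poster's code.
"""
import hashlib
import hmac
import os
import time


def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = length // 32 + 1
    return b"".join(_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range(blocks))


def aead_encrypt(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Stand-in AEAD: HMAC-derived CTR keystream, then a tag over aad||nonce||body."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def aead_decrypt(key: bytes, blob: bytes, aad: bytes) -> bytes:
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(mac_key, aad + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")   # wrong key or tampered data
    return bytes(c ^ s for c, s in zip(body, _keystream(enc_key, nonce, len(body))))


class KeyManager:
    """Holds wrapped data-encryption keys (DEKs); every unwrap is a policy decision."""

    def __init__(self):
        self.user_keys = {}                 # identity -> user KEK (would live in an HSM/KMS)
        self.revoked = set()
        self.recovery_kek = os.urandom(32)  # held by the recovery authority, not by users
        self.objects = {}                   # object_id -> (ciphertext, {principal: wrapped DEK})
        self.audit = []                     # append-only record of every decision

    def _log(self, **event):
        event["ts"] = time.time()
        self.audit.append(event)

    def enroll(self, user):
        self.user_keys[user] = os.urandom(32)
        self._log(action="enroll", user=user)

    def revoke(self, user):
        """Revocation is cryptographic, not just a flag: drop the user's wraps everywhere."""
        self.revoked.add(user)
        for _, wrapped in self.objects.values():
            wrapped.pop(user, None)
        self._log(action="revoke", user=user)

    def _authorize(self, user, object_id, action):
        # Identity check, then revocation check; denials are logged, never silent.
        if user not in self.user_keys or user in self.revoked:
            self._log(action=action, user=user, object=object_id, result="denied")
            raise PermissionError(f"{user} may not {action} {object_id}")

    def encrypt(self, owner, object_id, plaintext, readers):
        """Fresh DEK per object, wrapped once per reader and once for recovery."""
        self._authorize(owner, object_id, "encrypt")
        dek, aad = os.urandom(32), object_id.encode()
        wrapped = {r: aead_encrypt(self.user_keys[r], dek, aad) for r in readers}
        wrapped["recovery"] = aead_encrypt(self.recovery_kek, dek, aad)
        self.objects[object_id] = (aead_encrypt(dek, plaintext, aad), wrapped)
        self._log(action="encrypt", user=owner, object=object_id, readers=list(readers))

    def decrypt(self, user, object_id):
        """Policy is enforced by the unwrap itself: no wrapped DEK for you, no plaintext."""
        self._authorize(user, object_id, "decrypt")
        ciphertext, wrapped = self.objects[object_id]
        if user not in wrapped:
            self._log(action="decrypt", user=user, object=object_id, result="denied")
            raise PermissionError(f"{user} is not a reader of {object_id}")
        aad = object_id.encode()
        dek = aead_decrypt(self.user_keys[user], wrapped[user], aad)
        self._log(action="decrypt", user=user, object=object_id, result="ok")
        return aead_decrypt(dek, ciphertext, aad)

    def recover(self, object_id, warrant_ref):
        """Key recovery under proper authority; the warrant reference lands in the log."""
        ciphertext, wrapped = self.objects[object_id]
        aad = object_id.encode()
        dek = aead_decrypt(self.recovery_kek, wrapped["recovery"], aad)
        self._log(action="recover", object=object_id, warrant=warrant_ref, result="ok")
        return aead_decrypt(dek, ciphertext, aad)
```

Two design choices worth noting: the object identifier is bound into every wrap and into the ciphertext as associated data, so a wrapped DEK cannot be transplanted from one object to another; and revocation removes the revoked user's wraps rather than only setting a flag, so a bug that skipped the `_authorize` check would still leave the revoked user without a key to unwrap.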



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
