Cryptography, Security and the Future

  From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today's information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can protect your anonymity or prove your identity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital. 從e-mail到蜂窩通訊系統，從安全網頁到數字現金，加密算法已經是當今資訊系統不可或缺的一部分。密碼學使得加密保護，公平交易，問責稱為可能。它能夠很好的防止電子商務裡的造假行為，并使得遠端交易成為可能；它能夠保護你的隐私；它還能夠保護你的網頁不被修改，并保護你的機密文檔不被竊取。将來，商務和交流原來越依靠網絡，密碼學将會越來越重要。   But the cryptography now on the market doesn't provide the level of security it advertises. Most systems are not designed and implemented by cryptographers, but by engineers who think cryptography is like any other computer technology. It's not. You can't make systems secure by tacking on cryptography as an afterthought. You have to know what you are doing every step of the way, from conception through installation. 當時現在市面上的密碼學産品并不能夠提供它們标榜的安全性。許多的系統的設計者是一些對密碼學不了解的工程師，而不是密碼學家，這些工程師通常認為密碼學和計算機的其他科學沒什麼分别。單靠密碼學不足以保證系統安全性，一個安全的系統的每一步都必須是安全的。   Billions of dollars are spent on computer security, and most of it is wasted on insecure products. After all, weak cryptography looks the same on the shelf as strong cryptography. Two e-mail encryption products may have almost the same user interface, yet one is secure while the other permits eavesdropping. A comparison chart may suggest that two programs have similar features, although one has gaping security holes that the other doesn't. An experienced cryptographer can tell the difference. So can a thief. 據統計計算機安全産業目前已經花費了幾十億美金，但是許多錢都被浪費在不安全的産品上。畢竟，使用者無法判斷加密算法的安全性。兩個郵件加密系統的使用者界面可能完全相同，但是可能一個是安全的，另一個卻允許竊聽。也許兩個加密算法看起來差不多，但是其中一個也許就有漏洞。如果一個經驗豐厚的密碼學家能夠發現這個漏洞，黑客高手也能。   The people who break cryptographic systems don't follow rules; they cheat. They can attack a system using techniques the designers never thought of. Art thieves have burgled homes by cutting through the walls with a chain saw. Home security systems, no matter how expensive and sophisticated, won't stand a chance against this attack. Computer thieves come through the walls too. They steal technical data, bribe insiders, modify software, and collude. The odds favor the attacker: defenders have to protect against every possible vulnerability, but an attacker only has to find one security flaw to compromise the whole system. 破解加密系統的人通常不按常理出牌。欺騙，從系統設計者沒考慮到的技術，就好像有些小偷可能會在牆上打洞來盜竊，那麼無論哪種防盜系統都不可能防範這種方式。計算機世界的小偷也可能采用這種方式，它們盜竊技術文檔，行賄内部人員，修改軟體等等。防守方總是需要防範任何一個可能的攻擊行為，而攻擊者隻需在整個系統裡找到一個安全漏洞即可。     Present-day computer security is a house of cards; it may stand for now, but it can't last. Many insecure products have not yet been broken because they are still in their infancy. But when these products are widely used, they will become tempting targets for criminals. The press will publicize the attacks, undermining public confidence in these systems. Ultimately, products will win or lose in the marketplace depending on the strength of their security. 目前的許多安全産品就像溫室裡的花朵，它們現在還沒有被攻破，并不代表以後不會被攻破。許多安全産品沒有被攻擊的原因就是它們的市場佔有率還比較少，一但它們的産品被廣泛應用，它們可能馬上成為攻擊者的目标。甚至可以這麼說，産品的安全性和它的市場佔有率成反比。   No one can guarantee 100% security. But we can work toward 100% risk acceptance. Fraud exists in current commerce systems: cash can be counterfeited, checks altered, credit card numbers stolen. Yet these systems are still successful because the benefits and conveniences outweigh the losses. Privacy systems -- wall safes, door locks, curtains -- are not perfect, but they're often good enough. A good cryptographic system strikes a balance between what is possible and what is acceptable. 沒人能夠保證100%的安全，但是我們的目标是100%的風險驗收。現實世界中的商務行為中就存在欺騙：假币，修改支票，僞裝信用卡等；當這一商務系統依然存在，因為它帶來的收益和友善遠遠高與損失。隐私保護系統—牆，鎖，窗簾—這些都不完美，當時它們卻足以保護我們的隐私。一個好的安全系統需要平衡兩個關系，投入和産出。   Strong cryptography can withstand targeted attacks up to a point -- the point at which it becomes easier to get the information some other way. A computer encryption program, no matter how good, will not prevent an attacker from going through someone's garbage. But it can prevent data-harvesting attacks absolutely; no attacker can go through enough trash to find every AZT user in the country. 高強度算法隻能夠将攻擊者轉向其他攻擊方式，一個完美的計算機加密軟體也無法抵禦攻擊者通過收集垃圾來了解被保護人的資訊。但是它可以保護資訊不被直接竊取。我想任何一個攻擊者都無法找出美國所有的AZT使用者。   The good news about cryptography is that we already have the algorithms and protocols we need to secure our systems. The bad news is that that was the easy part; implementing the protocols successfully requires considerable expertise. The areas of security that interact with people -- key management, human/computer interface security, access control -- often defy analysis. And the disciplines of public-key infrastructure, software security, computer security, network security, and tamper-resistant hardware design are very poorly understood.   密碼學的一個好消息是我們已經有能夠保證系統安全的的算法和協定。而壞消息是：正确使用這些協定需要相當的經驗。在安全系統與使用者互動的區域，例如密碼管理，人/機互動安全，接入點控制—這些通常是弱點。公鑰體制，軟體安全，計算機安全，網絡安全，以及硬體抗破壞設計都令人難以了解。   Laws are no substitute for engineering. The U.S. cellular phone industry has lobbied for protective laws, instead of spending the money to fix what should have been designed corectly the first time. It's no longer good enough to install security patches in response to attacks. Computer systems move too quickly; a security flaw can be described on the Internet and exploited by thousands. Today's systems must anticipate future attacks. Any comprehensive system designed today is likely to remain in use for five years or more. It must be able to withstand the future: smarter attackers, more computational power, and greater incentives to subvert a widespread system. There won't be time to upgrade them in the field. 法律也是一個問題。美國蜂窩電話産業聯盟就在遊說政府建立保護法令，而不是花錢來修補過去遺留的問題。發現攻擊行為後設計更新檔并不是長久之計。計算機世界資訊傳輸的太快了，發現一個安全漏洞的消息會立刻傳遍整個internet。是以今天的系統設計者需要考慮到明天的攻擊方式。一個綜合系統應該能夠抵禦未來5年的攻擊。将來我們将會面對更為聰明的攻擊者，更強大的機器，更好的傳播方式，那時發現一個漏洞後，我們可能根本來不及打更新檔。   History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did. 曆史教育我們：有些人為了破解一個安全系統是不惜代價的。往最壞的方向向問題不是一件壞事。如果假設攻擊者缺乏某種能力，那麼科學的發展将會讓他們具備這種能力。充分考慮可能的錯誤，将你的系統設計的比需要更安全，那麼當意想不到的事情發生是，你就不會措手不及。