The Dangers of “Rolling Your Own” Encryption

Why It Takes a Community to Create Good Encryption

What would our online world be like without cryptography? For a start, security as we know it would not exist. We use (or should use) encryption across all of the touchpoints of the digital information realm — where we store information, how we transmit data and when we share it with others. It is a foundation stone of information online and within our internal networks, too.

For encryption to maintain this high ground, it has to be robust. Robustness does not happen automatically or overnight; in fact, it takes time and a community to achieve it.

In this article, we will look at the idea of “rolling your own crypto” or, in other words, developing your own encryption algorithms and/or schemes.

Some Basics on Encryption

Encryption is used to prevent unauthorized reading of data. The process of encryption takes the original data or plaintext and combines it with a key in such a way as to render the data unreadable. The result of this process is ciphertext; the reverse process, decryption, returns the plaintext from the ciphertext.

Encryption can be divided into two types, symmetric and asymmetric, based on the nature of the key. Symmetric encryption uses the same key for both encryption and decryption. Asymmetric or public key encryption uses a pair of keys: a public key for encryption and the corresponding private key for decryption. In symmetric encryption, the key must be kept secret but shared between the parties who can encrypt and decrypt. Conversely, in public key encryption, only the private key is secret and is not shared. The public key is available for anyone to encrypt data for the private key holder.

When people write their own algorithm, it usually involves symmetric encryption. Within any given use (Read more...)
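As an added illustration (not code from the original article), the sketch below builds a constructed home-rolled symmetric cipher, a repeating-key XOR, and runs two checks a reviewer would apply to it. The cipher, key, messages and function names are all assumptions made for this example.

```python
# Added illustration: a constructed "home-rolled" symmetric cipher and two
# review checks that show why it is not robust. Not from the original article.
from itertools import cycle

# Constructed sample inputs (assumptions for this example only).
KEY = b"s3cret"
MSG_A = b"Invoice 1041: pay 250 EUR"
MSG_B = b"Invoice 1042: pay 975 EUR"


def homemade_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Hypothetical home-rolled cipher: XOR each byte with a repeating key."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(p ^ k for p, k in zip(plaintext, cycle(key)))


# Symmetric: the same key (and here the same operation) reverses encryption.
homemade_decrypt = homemade_encrypt


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def key_cancels_out(p1: bytes, p2: bytes, key: bytes) -> bool:
    """Check 1: with a reused key, XOR of two ciphertexts equals XOR of the
    two plaintexts, so the key contributes no secrecy to their relationship."""
    c1 = homemade_encrypt(p1, key)
    c2 = homemade_encrypt(p2, key)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def key_exposed_by_known_plaintext(plaintext: bytes, key: bytes) -> bytes:
    """Check 2: one plaintext/ciphertext pair reveals the repeating key.
    Requires len(plaintext) >= len(key)."""
    ciphertext = homemade_encrypt(plaintext, key)
    return xor_bytes(plaintext, ciphertext)[: len(key)]


if __name__ == "__main__":
    print("round trip ok:", homemade_decrypt(homemade_encrypt(MSG_A, KEY), KEY) == MSG_A)
    print("key cancels out:", key_cancels_out(MSG_A, MSG_B, KEY))
    print("key exposed:", key_exposed_by_known_plaintext(MSG_A, KEY))
```

The cipher round-trips correctly, which is why such schemes tend to pass their author's own testing; both checks fail it anyway, and a publicly reviewed algorithm is expected to pass them.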

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: