Chapter 10: Application Security

The Basics of Information Security, p. 152

Cryptographic Attacks

We leave ourselves open to failure if we do not pay close enough attention to designing our security mechanisms while we implement cryptographic controls in our applications. Cryptography is easy to implement badly, and this can give us a false sense of security.

One of the big "gotchas" in implementing cryptography is to give in to the temptation to develop a cryptographic scheme of our own devising. The major cryptographic algorithms in use today, such as Advanced Encryption Standard (AES) and RSA, have been developed and tested by thousands of people who are very skilled and make their living developing such tools. Additionally, such algorithms are in general use because they have been able to stand the test of time without serious compromise. Although it is possible that our homegrown algorithm may have something to offer, software that stores or processes any sort of sensitive data is likely not a good place to test it out.

In addition to using known algorithms, we should also plan for the mechanisms we do select to become obsolete or compromised in the future. This means, in our software design, we should allow for the use of different algorithms, or at least design our applications in such a way that changing them is
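One way to build in the room for change that the last paragraph asks for, as an added example written for this page (not the book's own code): every stored credential carries the name of the scheme that produced it, the verifier looks the scheme up in a registry, and records made with a retired scheme are re-hashed on their next successful use. It uses only Python's standard library; the storage format and the scheme names are assumptions.

```python
"""Algorithm-agile password storage (added example, not from the book).

Stored format (constructed): "$<scheme>$<params>$<salt_hex>$<digest_hex>"
Carrying the scheme name in the record lets a deprecated scheme be retired
without changing the verify path or rewriting every caller.
"""
import hashlib
import hmac
import os


def _pbkdf2_sha256(password: bytes, salt: bytes, params: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, int(params))


def _pbkdf2_sha512(password: bytes, salt: bytes, params: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha512", password, salt, int(params))


# scheme name -> (derivation function, default parameters as stored text)
REGISTRY = {
    "pbkdf2-sha256": (_pbkdf2_sha256, "100000"),
    "pbkdf2-sha512": (_pbkdf2_sha512, "200000"),
}
CURRENT_SCHEME = "pbkdf2-sha512"  # what new records are written with


def hash_password(password: str, scheme: str = CURRENT_SCHEME) -> str:
    derive, params = REGISTRY[scheme]
    salt = os.urandom(16)
    digest = derive(password.encode(), salt, params)
    return f"${scheme}${params}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 5 or parts[1] not in REGISTRY:
        return False  # malformed or unknown scheme: refuse, do not guess
    _, scheme, params, salt_hex, digest_hex = parts
    derive, _ = REGISTRY[scheme]
    candidate = derive(password.encode(), bytes.fromhex(salt_hex), params)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored: str) -> bool:
    """True when the record was not made with the current scheme/params."""
    scheme, params = stored.split("$")[1:3]
    return scheme != CURRENT_SCHEME or params != REGISTRY[CURRENT_SCHEME][1]


def verify_and_upgrade(password: str, stored: str):
    """Lazy migration: returns (ok, replacement record or None)."""
    if not verify_password(password, stored):
        return False, None
    return True, (hash_password(password) if needs_rehash(stored) else None)
```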