Elliptic Curve Cryptography
A discussion of common cryptographic algorithms would not be complete without addressing Elliptic Curve Cryptography. Mathematics based on elliptic curves predates modern cryptography by many years; however, it is only in recent years that uses have been found for this mathematics in the world of cryptography. RSA’s heavy reliance on factoring has led some experts to believe that it will soon reach the end of its lifetime. As computing power increases, the only way to increase the strength of RSA is to produce longer and longer keys. Longer keys are not only more difficult to attack, but also more difficult for clients to process. It is thought that eventually the key length required to keep RSA secure will exceed a client’s ability to effectively process it.
Elliptic Curve Cryptography is based on a different type of mathematical problem that is believed to be as difficult to solve as factoring large integers. This problem is called the discrete logarithm problem. What is interesting about this problem is that an equal level of difficulty can be achieved with a shorter key length. This means that in the future, protocols based on elliptic curve mathematics may replace RSA as the primary public key algorithm. Elliptic curve cryptography is currently implemented by an algorithm called Diffie-Hellman. Diffie-Hellman is implemented as a symmetric key exchange protocol in most IPSec implementations.
The primary weakness of elliptic curve cryptography is that it has not received the scrutiny that RSA has received. This has led to some skepticism as to its true security in the wild. Although there are currently no known attacks against elliptic curve cryptography, some say it’s only a matter of time.
The next article in this security series will focus on the Kerberos protocol. Kerberos is the cornerstone of authentication in Windows 2000 and Windows Server 2003. We will look at the mechanics and implementation of Kerberos.