What is Strong Encryption

More important than Encryption Method or Encryption Key Length is Strong Key Management!!!

A 1024-bit Encryption Key using Weak Key Management can be weaker than a 56-bit Encryption Key using Strong Key Management.

• Example: Go out and buy a $6Mil lock and place it on your front door... now leave the key in that unbreakable lock and get in your car and drive away!!!
  
  
• Likewise: Go out and buy an IPSec Client Software using Triple DES, install it on your Windows 95/98/NT PC's local disk and you've got exactly the same scenario.
  
  
  • (With Windows 95 & 98, all you have to do is press the "ESC" key and anybody can gain access to YOUR local disk without a password and steal your Private Key. (There goes authentication and non-repudation right out the door!!!)
    
    
  • Walk away from your NT PC for a cup of coffee..., go to the bathroom..., or go out for lunch... and without logging out from your PC or without locking the screen... the same thing)!!! Even if you log out, what about a dictionary attack against you NT machine as it does use re-usable passwords.
    
    
  • Then you have the NT Administrative Shares C$, D$, etc. which very few ordinary people know anything about, but which anybody can gain access to your local disk through the network!!! the same thing AGAIN)!!! And the list just goes on...

• Similarly: A VPN Gateway/Firewall with a hard disk or other magnetic storage medium offers the same security weakness against properly protecting your Private Keys!!!

Secondly, the actual Encryption Method is important as well, but falls a close second to Key Management!!!

A 2048-bit Encryption Key using a weak Encryption Method can be weaker than a 56-bit Encryption Key using a Strong Encryption Method.

The normal PC user might spend years and not be able to break an encrypted message, but give that same message to a professional hacker and he'll have it decrypted within seconds.

The problem is...

How does the average or even expert System IT specialist know which Encryption methods are too difficult for the professional hacker to break and which are not? This type of decision should be left up to Cryptanalysts and/or Mathematical Experts.

Several special groups of these types of experts have already spent years and years of testing to define what IS and what IS NOT strong encryption. The results of these findings can be found in the well known ANSI, FIPS, IETF, ISO/IEC, etc. specifications.

Of these groups, the ANSI (Financial/Banking) and FIPS (Federal/Government) specifications in particular are probably the strongest of them all as without Banking and Government, we wouldn't be able to exist in any humane way. As such, the specifications for these two security groups are usually stronger and more strict than those for IETF or ISO/IEC.

Thus if you want to build a "Secure" Security System, it is best that you base your architecture on or around the ANSI and/or FIPS standards.