Why good cryptography hygiene is important to your code's success

Cryptography is where information security lurches from the Hollywood image of spies and hackers and gets all boring and scientific. Still, plenty of developers would prefer to move cryptography concerns to the bottom of their priority list, somewhere between achieving world peace and sorting their sock drawers.

Not OK, devs, not OK.

Testing in the Agile Era: Top Tools and Processes

Rules for devs to live by

One of the fathers of modern cryptography, Adi Shamir, recently said (and has been saying for years) that computer security isn't a solvable problem. Ignore that. Good crypto hygiene is important to your code's success. Fortunately, even if the algorithms are complex, the rules for implementation are simple. Here are three implementation rules to help developers:

Implementation rule 1: Don't roll your own

You're expected to become a crypto expert, but we already know you won't. Leave that to those who feel the call to devise the cryptography primitives on which crypto systems are built. Familiarize yourself with the basic terminology, and focus your efforts on appropriate implementation of established protocols.

Implementation rule 2: You've got to keep up with the Joneses

In this situation, the Joneses are the aforementioned hackers and spies. More realistically, they're any adversary that might find and exploit vulnerabilities in your code, as implemented by any customer, at any point in the code's life cycle. It's a tall order and one that all but asks you to predict the future.

What you can predict is that faster computers will always make it easier to quickly crack encryption. To that end, resolve to use up-to-date cryptography systems. The HP Security Research team recently updated its Crypto Manifesto guidance to reflect current best practices for the use of cryptographic hash, encryption and encoding algorithms, cryptographic keys, pseudo-random number generators, password-based key derivation functions, digital signature keys, entropy sources, and protocol versions. The changes are aptly described as "practical trade offs between maximal security and acceptable paranoia." Many of the standards that were quite acceptable when the original Manifesto was released in 2009 are now aggressively disallowed by current industry and government standards.

Implementation rule no. 3: You hold the key

Developers don't merely choose which crypto algorithms to implement; they choose the key lengths that control the behavior of each algorithm. The key, of course, is what makes it possible for data processed by the algorithm to be turned into incomprehensible strings and then back into meaningful information. The longer the key, the more difficult it is for a would-be attacker to unscramble the strings. Together, the key and the set of algorithms in use make up the cryptosystem.

Guard those keys

"Hold the key" isn't just a figure of speech here. Though algorithms are all quite public, each cryptosystem's keys should be closely protected. More specifically, in our modern age of asymmetric public-private key pairs, the private key of the cryptosystem, which handles signing encrypted strings and decrypting received strings, should be scrupulously guarded. Proper key management is an extremely important process (we'll take up the topic in another article). The public key, which handles encryption as well as verification of received strings, should include clear and correct attribution and should be properly signed by well trusted authorities.

If a symmetric key algorithm is used between two entities, both must be absolutely scrupulous about their single-shared private key. For an excellent example of a symmetric key system that seemed titanically resistant to cracking, only to fail when its key was compromised, grab some popcorn and watch The Imitation Game. The Enigma machines used a polyalphabetic substitution machine cipher—a symmetric key in action.

Testing in the Agile Era: Top Tools and Processes
Topics: Dev & Test