12.2 Cryptography Is Key Management
It should be evident from the earlier sections
that although cryptography can be classified according to whether it
will be used to provide confidentiality, integrity or
authentication, each of these approaches relies on the protection of
secret keys to work properly.
For symmetric encryption and keyed hash codes, Alice and Bob must
agree on a key before sending any messages and ensure that the key
does not fall into Eve's hands. For asymmetric
encryption and digital signatures, only one person has to keep the
secret (the private key), which is an improvement over needing an
agreed key, but still requires either Alice or Bob to remain
vigilant.
Alice and Bob have no way of determining if Eve has been able to
learn the secrets that they are protecting. When Eve intercepts a
message, she is careful to send on a copy (or a replacement message)
to Bob. If Eve has learned the keys, then she is able to impersonate
Alice or Bob and interfere with their messages at will.
To minimize the damage Eve can cause if she discovers the secret
keys, Alice and Bob may agree to change their keys regularly. Eve may
be able to obtain or guess the key, but if Alice and Bob change the
keys every week, Eve will only be able to meddle with up to seven
days' worth of messages before she is back in the dark. Selecting and
changing keys is an important process, and the problems of storing
and distributing keys securely are two of the most difficult aspects
of implementing cryptographic solutions. We will discuss the issues
that arise in the following chapters.
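The weekly key change described above, as an added example that is not part of the original text: each week gets an independent random key for a keyed hash, and Bob accepts only tags made under the current week's key, so a key Eve has learned stops working at the next rotation. The names `KeySchedule`, `send`, `accept` and the start date are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

ROTATION = timedelta(days=7)                       # weekly rotation, as in the text
START = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed start date


def epoch_of(when):
    """Index of the rotation period (week) that contains `when`."""
    return (when - START) // ROTATION


class KeySchedule:
    """One independent random key per week, shared by Alice and Bob (assumed)."""
    def __init__(self):
        self._keys = {}

    def key_for(self, epoch):
        # Each key is fresh randomness, not derived from an earlier key, so
        # learning one week's key reveals nothing about any other week's key.
        if epoch not in self._keys:
            self._keys[epoch] = secrets.token_bytes(32)
        return self._keys[epoch]


def tag(key, epoch, message):
    """Keyed hash over the epoch number and the message."""
    return hmac.new(key, epoch.to_bytes(4, "big") + message, hashlib.sha256).digest()


def send(schedule, when, message):
    epoch = epoch_of(when)
    return epoch, message, tag(schedule.key_for(epoch), epoch, message)


def accept(schedule, now, packet):
    """Bob accepts only messages tagged under the key for the current week."""
    epoch, message, mac = packet
    if epoch != epoch_of(now):
        return False                       # tagged under a retired key
    return hmac.compare_digest(mac, tag(schedule.key_for(epoch), epoch, message))


if __name__ == "__main__":
    ks, d = KeySchedule(), timedelta(days=1)
    forged = (0, b"forged", tag(ks.key_for(0), 0, b"forged"))  # week 0 key is known to Eve
    print(accept(ks, START + 2 * d, forged), accept(ks, START + 9 * d, forged))
```

The sketch assumes Alice and Bob already share each week's key; how those keys are stored and distributed is the harder problem the text defers to later chapters.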