Friday, November 1, 2013

The end of cryptography?

I've just now come across the words by Adi Shamir (one of fathers of modern cryptography) in February when he said, that "cryptography is becoming less and less important". He explained that recent attacks successfully penetrated even the strongest barriers. And from this fact he concludes that cryptography is becoming less important.

This is an erroneous and misleading judgment, and it becomes even worse when it comes from the cryptography specialist. The most obvious conclusion which could have been made from the successful attacks would be that stronger barriers are needed. There's more significant problem to be addressed though - quality of defense.

Current software developers and system integrators don't pay much attention to overall quality and to security in particular. Businesses demand the shortest possible time-to-market and this of course contradicts the goal of obtaining proper security level. In addition there's a shortage in supply of developers and IT specialists on the market, and it's even harder to find security-aware software developers.

So the right conclusion must be "we must educate more security specialists and create a dedicated industry of digital security services". That's what I would expect to hear from any security-oriented person.