2. Define Cryptography?
Cryptography aims to define protocols of communication that remove the possibility
or the value of malicious activity, and to do it in such a way that claims made are
provable and demonstrable. Cryptography is about mitigating risk while
acknowledging its inevitability.
A ‘trusted key’ is shorthand for a cryptographic key that can be used because it
hasn’t yet been proven to be compromised. That matters because the mathematics
used to prove a protocol is usually built on assumptions such as ‘a malicious actor
does not have access to the private key’, and that assumption fails when, for
example, a developer has hardcoded the key as an expediency.
3. Cryptography and Zero Trust
Kerckhoffs’s Principle is another example of how trusting less makes things more
trustworthy. By making cryptographic algorithms public rather than trusting one
third party’s proprietary solution, the algorithm’s faults are found and fixed,
enabling people to see for themselves if it can be trusted. The alternative is to trust
that a third party will never become untrustworthy or compromised. History
repeatedly teaches us how that goes.
4. Why care about trust at all?
For example, certificates are just simple files. They're easy to forget about or
ignore. Yet a certificate is so much more than that.
It borders on eloquence how such a simple file provides that tentative and fleeting
trust for communication in a world of eavesdropping, spoofing and bears. It is why
they have become so ubiquitous. And yet, time and time again, companies learn
the hard way how a single certificate outage can destroy not just trust in that one
instance of communication, but the reputation of the entire organization and, at the
very least, cost millions of dollars from lost revenue, time wasted and potential
subsequent compliance penalties.
5. The best SecOps
The best SecOps teams thrive on their suspicion, ensuring regular checks of digital
signatures, MACs verified and identities confirmed by certificate authorities. They
define strategies and use tools to deal with when the trusted becomes
untrustworthy. Tools like analyzers are used to constantly review the multiplicity of
cryptographic objects to ensure algorithms, keys, certificates, protocols are secure
and up-to-date.
They’ll have seen once-trusted algorithms such as DES and RSA become
compromised. So it will go for algorithms they are currently using, especially in light
of advances in quantum computing.
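The kind of review an analyzer performs can be sketched as a policy check over an inventory of cryptographic objects. This is an added example, not code from the original page or from any particular product; the thresholds, record fields and sample inventory are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Example policy (assumed thresholds, not taken from the page).
BROKEN_ALGS = {"DES", "3DES", "RC4", "MD5", "SHA1"}
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}
QUANTUM_EXPOSED = {"RSA", "EC", "DH"}   # public-key schemes affected by Shor's algorithm
MIN_TLS = (1, 2)
RENEW_WINDOW = timedelta(days=30)

def review(obj, now):
    """Return a list of findings for one inventory record."""
    findings = []
    alg = obj.get("alg", "").upper()
    if alg in BROKEN_ALGS:
        findings.append(f"{alg}: no longer trusted, replace")
    floor = MIN_KEY_BITS.get(alg)
    if floor and obj.get("bits", 0) < floor:
        findings.append(f"{alg}-{obj.get('bits')}: key shorter than {floor} bits")
    if alg in QUANTUM_EXPOSED:
        findings.append(f"{alg}: plan post-quantum migration")
    if "not_after" in obj:
        expires = datetime.fromisoformat(obj["not_after"])
        if expires <= now:
            findings.append("certificate expired")
        elif expires - now <= RENEW_WINDOW:
            findings.append(f"certificate expires in {(expires - now).days} days")
    if "tls" in obj and tuple(obj["tls"]) < MIN_TLS:
        findings.append("protocol below TLS 1.2")
    return findings

def analyze(inventory, now):
    """Map object name -> findings, omitting objects that pass the policy."""
    return {o["name"]: f for o in inventory if (f := review(o, now))}

# Constructed sample inventory; names, dates and values are illustrative.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
INVENTORY = [
    {"name": "legacy-batch-key", "alg": "DES", "bits": 56},
    {"name": "api-cert", "alg": "RSA", "bits": 1024,
     "not_after": "2024-06-15T00:00:00+00:00"},
    {"name": "web-cert", "alg": "EC", "bits": 256,
     "not_after": "2023-12-31T00:00:00+00:00"},
    {"name": "mail-listener", "tls": [1, 0]},
    {"name": "session-key", "alg": "AES", "bits": 256},
]

if __name__ == "__main__":
    for name, findings in analyze(INVENTORY, NOW).items():
        print(name, "->", "; ".join(findings))
```

Running the check on a schedule, with the clock passed in rather than read inside the function, is what turns a certificate expiry from an outage into a ticket raised inside the renewal window.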