Information Systems

Discussion •

Encryption Key Management

The underlying mechanism that makes encryption work is the strength of the algorithm. Historically there have been few examples of encryption being defeated by having someone defeat and exploit the underlying algorithm. The length of the key is an important determiner in protecting the underlying algorithm. The ability to harness significant amounts of processing power is what is needed to defeat the key. One example is the original DES encryption that had an impossibly short key length based on algorithms in use today. Years went by and this DES algorithm was left untouched, but eventually we developed such an increase in processing power that it was possible to determine the algorithm rendering it an ineffective encryption solution.

Discuss the following:

o What are some of the criteria organizations should use to determine the minimum key length appropriate for use in encrypting their sensitive data?

o What aspects of encryption are vulnerable to those seeking to exploit a particular encryption application, if the underlying algorithm is not a good target?

o What are some of the risks to organizations who choose to encrypt their core business data while it is in transit and at rest, both within and external to their trusted network?