Axioms of Cryptography

History teaches us some very valuable lessons about cryptography. I have extracted some of the basic concepts in a distilled form below. Designing a system based on these principles will make successful cryptanalysis more difficult.

1.    Every system that is practical is breakable.

2.    Sending the same message encrypted and in plaintext provides an invaluable reference to the cryptanalyst. Sending the same message using different keys or systems can also aid cryptanalysis.

Self-Enforcement: NAC's Black Sheep

It wasn't that long ago that everyone and their dog wanted in to the NAC market like it was a peep show on pay day. Some NAC companies sprung up from the dirt fully formed through VC funding, while others made (often fatal) changes in product or company direction in order to get a piece of the action. Companies that had nothing to do with NAC - and sometimes nothing to do with security at all - planted their flag on the barren NAC lunarscape to avoid missing out on the inevitable cash cow (that never came).

Securing Credential Delivery

Initially, some crypto systems relied on a single piece of information for user authentication (such as a passphrase provided out of band). As Public Key Infrastructures matured, this type of system became unacceptable because of the potential for compromise through a single point of failure. Today's baseline for user authentication is provided by the CA generating two disparate pieces of information, both of which are required during certificate generation.