Gartner Research

Understanding and Evaluating Cryptographic Systems: An Information Security Foundation

Published: 14 May 2012

ID: G00233267

Analyst(s): Ramon Krikken

Summary

Cryptographic systems provide a foundation for many information security controls, and their correct design and implementation is critical in ensuring that security objectives can be met. This assessment covers changes in the cryptographic landscape with respect to legal and regulatory compliance (as well as changes in cryptology) and presents the notion of the cryptographic ecosystem whose individual parts and totality need to be assessed when implementing cryptography solutions.

Table Of Contents

Summary of Findings

Analysis

  • Changes in the Business and Regulatory Environment
    • Compliance Mandates Driving Adoption
    • Compliance Mandates Limiting Cryptography
    • Patent Environment
  • Changes in the Cryptographic Landscape
    • Algorithms, Key Lengths and Hash Sizes
    • Cipher Modes and Protocols
    • Random Number Generators
  • Cryptography as Part of an IT Solution
  • Assessing the Cryptographic Ecosystem
    • Software- and Hardware-Based Cryptographic Processing
    • Selecting Key Storage and Management
  • Strengths
  • Weaknesses

The Details

  • Cryptographic Strength
    • Algorithm Strength
    • Key Length and Hash Size
    • Correct Implementation
  • Symmetric Encryption Systems
    • Data Encryption Standard (DES)
    • Triple DES
    • Advanced Encryption Standard (AES)
    • One-Time Pads
    • Secret-Key Distribution
  • Hash Functions
  • Message Authentication
  • Public-Key Encryption
    • Public-Key Distribution
    • Digital Signatures
    • Performance Issues With Public Key
    • Rivest-Shamir-Adleman (RSA)
    • Elliptic Curve Cryptosystem
    • Identity-Based Encryption
    • Lattice-Based Encryption
  • Large-Scale Cryptographic Systems
    • Kerberos
    • Internet Cryptographic Systems and SSL/TLS

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.