Organisations utilising cryptography for securing confidential information have the choice of hardware and software based solutions depending on the nature of the data in need of encryption. Arguably, the weakest link in the chain is the cryptographic keys used to encrypt and decrypt the data. This is due to the constantly increasing processing power of today's computers and the length of time it may take to compromise the keys through an exhaustive key search. Therefore, these organisations must regularly revoke, update and distribute the keys to the relevant parties in order to reduce the risk of internal and external threats.
Many sectors, including banking and governmental, have the time consuming task of tracking and managing ever-increasing numbers of keys to ensure the right keys are in the right place at the right time. The vast amounts of keys needed for the daily operations of applications using crypto will lead to an army of administrators if the keys are managed manually. Hence, automated key management systems are now a necessity for these organisations if they are to keep on top of the workload, and reduce their admin costs.
Key management will come in many variations with some more suitable for enterprise settings while others are more scalable, designed for the huge numbers of keys as utilised in the banking industry. Different requirements need different solutions, however, there are some general issues which must be addressed if the implementation of such systems are to be successful in terms of functionality, compliance, availability and keeping costs at a minimum. A short list of best practice procedures is below:
With a system combining these elements, key management can eliminate many of the risks associated with human error and intentional Equipment attacks on the confidential data. It may also allow the flexibility for providing security for applications which might otherwise have been deemed too costly for cryptography.
The second article went on to state; "Tokyo-based Mt. Gox, once one of the largest exchanges of the bitcoin cybercurrency, stopped operating Tuesday amid rumors that millions may have been stolen from the firm and rising concerns about the long-term prospects for the unregulated digital currency. Other bitcoin exchanges quickly moved to distance themselves from Mt. Gox and assert that they were still open for business. The value of the currency itself dropped sharply to just over $500 by mid-afternoon. It hit an all-time high of $1,100 in November."
What do you say to that? Ouch. Does this prove that the naysayers calling it a Ponzi Scheme were right? Do they get the last laugh, or is this just an expected evolutionary process of disruption as all the kinks are worked out? Well, consider this thought experiment I had.
Let's say there was hanky-panky involved, let's say someone hacked the system or stole the digital currency. Right now, digital currency flies under the radar as it is not recognized even with all the new Too Big To Fail regulations on banks, etc. How can a digital currency have value? Hard to say, how can a fancily printed piece of paper marked $20 be worth anything, it's not, but it is worth what it represents if we all agree to that and have trust in the currency. What's the difference, it's a matter of trust right?
Okay so, let's say that the regulators, FBI, or another branch of government interferes and files charges - if they file criminal charges that someone defrauded someone else then how much defrauding was involved? If the government enforcement and justice department put a dollar amount number to that, they are inadvertently agreeing that the digital currency is real, and it has a value, thus, acknowledging it. If they don't get involved, then any fraud that may or may not have occurred sets the entire concept back a ways, and the media will continue to drive down the trust of all digital or crypto-currencies.