Rivest interview in PCWeek

Rohit Khare (khare@www10.w3.org)
Fri, 24 Jan 1997 14:54:52 -0500

Nothing very interesting here, but it's a rare interview for a trade pub =
do. Michael Moeller has also done a good job tracking the W3C.=20


January 24, 1997 1:45 PM ET=20
Crypto man: RSA founder discusses future of encryption
By Michael Moeller

=A0While at the Massachusetts Institute of Technology in the 1970s, Ron Rivest helped develop public/private key encryption technology. He went o= n to co-found RSA Data Security Inc., whose security products reside in mos= t software products developed today. Next week, RSA will host a major security conference in San Francisco. Rivest, now an MIT professor and associate director of the MIT Laboratory for Computer Science, in Cambridge, Mass., talked recently with Senior Editor Michael Moeller abou= t where encryption technology came from and where it's going.

PC WEEK: When was the first implementation of a public/private Key Crypto system?

RIVEST: In early 1977 we came up with what's become known as the RSA Key Crypto system. The idea for the public Key Crypto system was laid out [by Whitfield Diffie and Martin Hellman in "New Directions in Cryptography"], but they really didn't have a good implementation for it. [RSA] was reall= y the first workable system and has remained as one of the premiere systems to date.

PC WEEK: When did you turn RSA over to Jim Bidzos [CEO of RSA]?

RIVEST: RSA didn't really begin until '83. Between '76 and '83 we thought [the technology] had some commercial potential, and we tried to realize that by talking to some of the larger corporations, Motorola and so on. B= ut it was really way ahead of its time and there wasn't a market. So around '83 we formed a corporation and tried to get some funding and so on. But = it was a hard road, and none of us were businessmen. [So] we restructured, a= nd Jim took over in '86.

PC WEEK: What was the impetus for public key?

RIVEST: Diffie and Hellman were visionaries and saw that public key cryptography would, down the road, have tremendous applications in terms = of digital signatures and the enabling of digital commerce. So they saw that this was coming. It was just the networking of the world was not there ye= t to make their vision a reality as it is today in the '90s.

PC WEEK: What is the role of cryptography and why are people still nervou= s about security?

RIVEST: There are real threats to security. Cryptography predisposes that you've got a system that can perform cryptographic operations, and more importantly, keep secret the keys that are being used to secure the communications. Cryptography can protect stuff once it's going over the wire, but there are other kinds of threats that cryptography doesn't necessarily protect against. Cryptography by itself is not the only tool that's needed to secure a corporation's information assets.

PC WEEK: What are some of the other tools?

RIVEST: One of [RSA parent company] Security Dynamics [Inc.'s] premiere products is the secureID card used for logging in, which provides a dynam= ic password, one that changes every minute. Another is firewalls. Corporatio= ns want to protect their legacy systems on the internal net. As they connect their internal net to the external net the firewalls help protect the internal net, which may have old machines without very good protection, from malicious hackers that may be coming in over the Internet.

PC WEEK: How prevalent and easy to use are digital certificates going to be?

RIVEST: Digital certificates are one of the key technologies for getting public key used pervasively. You need to know that you've got the right public key when you're authorizing somebody to log into a computer system or when you're executing a digital transaction. Digital certificates are your Internet calling card if you will. And they're going to be essential= , they're going to be widespread, there are going to be lots of them, available in lots of places.

PC WEEK: Where do you see encryption going?

RIVEST: I think it's going to be pervasive: You need it whenever you're communicating remotely to make sure you're talking to the right party. An= d so much of our communications will be remote, over the Internet. You may = be wearing things on your person which allow you to communicate. You may hav= e your electronic wallets and so on, too. So cryptography will just be wherever you've got digital communications going on. In terms of making i= t all work nicely, one of the issues that still needs to be resolved is the establishment of good certification services and public key infrastructur= e.

PC WEEK: Is there any new work going on in the algorithm space or the underlying infrastructure for encryption and cryptography and public key?

RIVEST: Cryptography is very vigorous. There are new proposals for public key techniques as well as new proposals for basic block ciphers and hash algorithms and so on. To some extent, the most exciting work is at the higher levels, dealing with protocols and applications and trying to put together larger systems. The elementary building blocks are cryptographic algorithms, but at the higher level [there are] key establishment and electronic payments, electronic voting, all kinds of interesting applications trying to build up a higher level of applications and gettin= g some real functionality to the particular problem that you're trying to face. We're getting to that stage now. Microsoft has got a cryptographic API.

PC WEEK: How important are these API frameworks?

RIVEST: We'll have to see. I think it's a good step for my guess. We'll just have to see how the market responds and whether developers jump on that as a way of coming up with sort of more transportable applications using that encryptographic technology provided by the API. I think it's a bit early yet to see how that shakes out, but I'm optimistic.