Entrust’s Approach and View of Cryptography

Key with binary numbers


There has been tremendous press coverage over the last week or two about cryptographic systems and threats to their security. I want to take some time to share how Entrust, as a global leader in cryptographic solutions, approaches cryptographic security, our legacy on open participation for the betterment of the cryptographic community and considerations about the potential implications of recent developments.

Since its inception as the first vendor of a commercial public key infrastructure (PKI), Entrust has led the way in innovation and trust. We have long held that active participation in the open standards community not only benefits Entrust, but also the community as a whole.

Fostering a Security Vision

We have been deeply involved with a team of cryptographic experts from the early days of research, into public key techniques and the founding of Entrust. This collaboration extended through the growth of public key architecture to its ubiquitous deployment in the very connected world of today.

This team remains diligent to ensure an aligned vision for the principles of technological advancement, trust, security and usability. And it includes ongoing research into potential vulnerabilities, whether raised by customers or the broader community.

A Digital Infrastructure

Whether leveraging digital certificate technology for private or public trust, Entrust firmly believes that public-key/asymmetric cryptography is the best approach to establishing trust and strong identities. Truly, it’s a system designed for long-term, large-scale usage.

When properly implemented, soundly productized with strong engineering, and deployed and managed with security best practices, public key technology is one of the most (if not the most) successful and strongest security architectures available.

Its strong mathematical underpinnings and flexibility in terms of customer-specifiable parameters has made it the most pervasive foundation for the security of the Internet, enterprise infrastructures and applications alike.

Migrating to New Cryptographic Standards

As technological advancement and computing power advances, it is inevitable that cryptographic strength will need to stay mathematically out of reach. This is why, for instance, the use of 1024-bit RSA keys is no longer prudent and is being deprecated in favor of 2048, and why the MD5-based hash algorithm was discontinued years ago.

The underlying system is strong, requiring only changes in the cryptographic variables over time in response to evolving threat conditions. The active involvement of an open community comprising academia, government and industry to maintain the understanding of evolving attack vectors and cryptanalytic techniques is essential to the maintenance of this piece of the critical infrastructure. As a result, Entrust is able to meet the needs of global customers for encryption and strong identity.

“˜Entrust Customer Relationships are Sacred’

Entrust is proud of its role as one of the leading suppliers of this remarkable technology. And to put any potential questions to rest, we have not and would not install a backdoor into any Entrust software or system at anyone’s behest. This has been stated in formal and very public terms under oath and remains Entrust’s policy. The relationship between Entrust and its customers, in this regard, is sacred.

Entrust is a software vendor that provides security, trust and strong identity through identity-based solutions. We take this responsibility very seriously. It is for this reason that I am addressing this topic now. We look forward to continued advances in the open standard community and in cryptography. Research and innovation are what help advance security. Now is as good a time as ever to invest in each.

Entrust Datacard