Next, we look briefly at a few other important facets of a complete security system, albeit issues that are somewhat outside the scope of digital cryptography. An overall security system is only as secure as the weakest facet.
No key should be used forever. The longer a key has been in use and the more often its uses are exposed, the greater the probability of it being compromised due to accident, subversion, or cryptanalysis. Most systems require regular key updates and a plan for nonscheduled rollover in case of known compromise. While the timing for such updates depends on the particular circumstances, most public keys should not be used for more than a year. In fact, sometimes it is reasonable to use a key for example, an enveloped encryption symmetric key once only.
Devices and areas where keys are exposed, cryptographic computations are performed, and the plain text version of cipher text appears must be physically secure. If an adversary can obtain keys or passwords by getting them from computer memory, observing user keystrokes, or similar activities, you are sunk. Cryptographic security relies on the security of the keys. If the actual cryptographic computations can be observed, changed, or bypassed, security is lost.
In security systems of any complexity, there are always people whom you must trust. They include, but are not limited to, people with physical access to the keying material, people who implemented the software and/or hardware involved with critical operations, and people who designed the system. If operation of the system is critical or protects valuable secrets, how do you assure that these people are trustworthy?
Even with good cryptography, physical, and personnel security, what sort of administrative procedures do you have? If a security violation or compromise occurs, who reports it and what action is taken? Does anyone actually check that what is supposed to be done is being done, that encrypted data are actually secure?