Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

11 reasons encryption is (almost) dead

Peter Wayner | May 6, 2014
Massive leaps in computing power, hidden layers, hardware backdoors -- encrypting sensitive data from prying eyes is more precarious than ever

Everyone who has studied mathematics at the movie theater knows that encryption is pretty boss. Practically every spy in every spy movie looks at an encrypted file with fear and dread. Armies of ninjas can be fought. Bombs can be defused. Missiles can be diverted. But an encrypted file can only be cracked open with the proper key -- and that key is always in the hands of a dangerously attractive agent hidden in a sumptuous hideout on the other side of the world. (Never in Newark or New Haven -- who wants to film there?)

Alas, this theorem of encryption security may be accepted as proven by math geniuses at Hollywood U., but reality is a bit murkier. Encryption isn't always perfect, and even when the core algorithms are truly solid, many other links in the chain can go kablooie. There are hundreds of steps and millions of lines of code protecting our secrets. If any one of them fails, the data can be as easy to read as the face of a five-year-old playing Go Fish.

Encryption is under assault more than ever -- and from more directions than previously thought. This doesn't mean you should forgo securing sensitive data, but forewarned is forearmed. It's impossible to secure the entire stack and chain. Here are 11 reasons encryption is no longer all it's cracked up to be.

Encryption's weak link No. 1: No proofs -- just an algorithm arms race
The math at the heart of encryption looks impressive, with lots of superscripts and subscripts, but it doesn't come with any hard and fast proofs. One of the most famous algorithms, RSA, is said to be secure -- as long as it's hard to factor large numbers. That sounds impressive, but it simply shifts the responsibility. Is it truly that hard to factor large numbers? Well, there's no proof that it's hard, but no one knows how to do it right all of the time. If someone figures out a fast algorithm, RSA could be cracked open like an egg, but that hasn't happened yet ... we think.

Encryption's weak link No. 2: Disclosure is the only means of detecting a crack
Suppose you figured out how to factor large numbers and crack RSA encryption. Would you tell the world? Perhaps. It would certainly make you famous. You might get appointed a professor at a fancy college. You might even land a cameo on "The Big Bang Theory."

But the encryption-cracking business can be shady. It isn't hard to imagine that it attracts a higher share of individuals or organizations that might want to keep their newfound power secret and use it to make money or extract valuable information.

 

1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.