Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Encryption still best way to protect data -- despite NSA

Jaikumar Vijayan | Sept. 9, 2013
Properly implemented encryption very hard to beat, even by experts at U.S. spy agency, security experts say

The main vulnerability to encrypted traffic is key management, Jevans said. Encryption keys are long, randomly generated passwords that can encrypt and decrypt Internet traffic. "Stealing the key is like stealing a password," he said.

The NSA's enormous financial resources and manpower allow it to effectively go after encryption keys and key management systems rather than break the math behind encrypted code, he said. "It's about a billion times more effective," Jevans noted.

Despite the recent revelations, encryption remains the best way to protect online data, Weis contends.

Concerned enterprises should consider using open source technologies like Open SSL — whose code is always visible to developers — rather than commercial software, which is more vulnerable to NSA backdoors, he said. "The code is there for people to audit and you can see the changes. At least you have some assurance that there is no intentional vulnerability" built into the software, he said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.