Everyone who has studied mathematics at the movie theater knows that encryption is pretty boss. Practically every spy in every spy movie looks at an encrypted file with fear and dread. Armies of ninjas can be fought. Bombs can be defused. Missiles can be diverted. But an encrypted file can only be cracked open with the proper key -- and that key is always in the hands of a dangerously attractive agent hidden in a sumptuous hideout on the other side of the world. (Never in Newark or New Haven -- who wants to film there?)
Alas, this theorem of encryption security may be accepted as proven by math geniuses at Hollywood U., but reality is a bit murkier. Encryption isn't always perfect, and even when the core algorithms are truly solid, many other links in the chain can go kablooie. There are hundreds of steps and millions of lines of code protecting our secrets. If any one of them fails, the data can be as easy to read as the face of a five-year-old playing Go Fish.
[ Verse yourself in the 7 sneak attacks used by today's most devious hackers, 14 dirty IT security consultant tricks, 9 popular IT security practices that don't work, and 10 crazy security tricks that do. | Build and deploy an effective line of defense against corporate intruders with InfoWorld's Encryption Deep Dive PDF expert guide. Download it today! | Learn how to protect your systems with Roger Grimes' Security Adviser blog. ]
Encryption is under assault more than ever -- and from more directions than previously thought. This doesn't mean you should forgo securing sensitive data, but forewarned is forearmed. It's impossible to secure the entire stack and chain. Here are 11 reasons encryption is no longer all it's cracked up to be.
Encryption's weak link No. 1: No proofs -- just an algorithm arms race
The math at the heart of encryption looks impressive, with lots of superscripts and subscripts, but it doesn't come with any hard and fast proofs. One of the most famous algorithms, RSA, is said to be secure -- as long as it's hard to factor large numbers. That sounds impressive, but it simply shifts the responsibility. Is it truly that hard to factor large numbers? Well, there's no proof that it's hard, but no one knows how to do it right all of the time. If someone figures out a fast algorithm, RSA could be cracked open like an egg, but that hasn't happened yet ... we think.
Encryption's weak link No. 2: Disclosure is the only means of detecting a crack
Suppose you figured out how to factor large numbers and crack RSA encryption. Would you tell the world? Perhaps. It would certainly make you famous. You might get appointed a professor at a fancy college. You might even land a cameo on "The Big Bang Theory."