Encryption is bullshit: Ashley Madison edition.

To be fair, encryption isn’t bullshit per se. The maths and concepts behind it are just complicated. They’re complicated to the point that a lot of people–and I mean, like, “literally nearly all people”–in the tech industry have no fucking clue how they work.

The problem is that effective encryption is 100% reliant on implementation. The actual algorithms themselves are just algorithms; they mostly all work in their own mathy way.[1] But they’re only useful when they’re implemented effectively by application developers and, well. You remember how I said no one fucking understands crypto?

Yeah. Here’s where we get problems. Problems like this one.

(Also, for anyone who’s thinking, “Yeah, but they had the source code!” No.)

  1. Sort of. Where they don’t work tends to be when computational power catches up to them, as happened with MD5, or when they are found to be susceptible to things like collisions, as… happened with MD5. Basically, don’t use MD5.
