The problem isn’t the maths.

This is why I hate encryption.

Tl;dr, a shorthand in the implementation of almost all public key cryptography means that anyone with a bunch of money and will could, with time, crack it. The article’s in The Guardian so obviously there’s a lot of finger-pointing at the NSA, but the reality is any nation-state (or any sufficiently wealthy individual or organisation, honestly) could do this.

Two takehomes here:

  1. The weaknesses in encryption are rarely in the maths, and almost always in the implementation of said maths.
  2. No encryption is un-crackable. (Well. Kinda. For the purposes of this post, let’s just pretend that’s true enough.) With enough time and/or computing power,[1] anyone can, in theory, break anything. The point of encryption is as a deterrent; that is, to make the length of time-to-crack so unfeasible versus the value of the encrypted information that no-one is going to bother. The problem is that this is a value-judgement, and the variables around it are very different when you start dealing on a nation-state level.[2]

Does this mean don’t use encryption ever? No, absolutely not. Just be very aware that encryption is the equivalent of locking your door; it’s going to stop someone who jiggles the knob, not someone who kicks down the jamb or comes in through the window.

  1. Or luck, as any student who’s tried to brute-force their way through a cryptography course will attest to.
  2. Incidentally, this is why TOR is utterly useless for protecting against nation-state attacks. Who do you think owns all those exit nodes? Seriously, people.
2016-05-14T11:09:20+00:00 | 21st February, 2016 | Tags: infosec