This is why I hate encryption.
Tl;dr, a shorthand in the implementation of almost all public key cryptography means that anyone with a bunch of money and will could, with time, crack it. The article’s in The Guardian so obviously there’s a lot of finger-pointing at the NSA, but the reality is any nation-state (or any sufficiently wealthy individual or organisation, honestly) could do this.
Two takehomes here:
- The weaknesses in encryption are rarely in the maths, and almost always in the implementation of said maths.
- No encryption is un-crackable. (Well. Kinda. For the purposes of this post, let’s just pretend that’s true enough.) With enough time and/or computing power, anyone can, in theory, break anything. The point of encryption is as a deterrent; that is, to make the length of time-to-crack so unfeasible versus the value of the encrypted information that no-one is going to bother. The problem is that this is a value-judgement, and the variables around it are very different when you start dealing on a nation-state level.
Does this mean don’t use encryption ever? No, absolutely not. Just be very aware that encryption is the equivalent of locking your door; it’s going to stop someone who jiggles the knob, not someone who kicks down the jamb or comes in through the window.