Encryption has long been the most popular way to protect, well, just about everything.
Encryption coats all your important files, documents, and communications with an ‘uncrackable’ algorithm of protection.
As we’ve learned more and more over the past few years, that algorithm isn’t quite as uncrackable as we like to think.
In fact, some have even gone as far as to say that encryption is dead. Is that true? Should you be worried? Today, I’m going to explain the five most important reasons why encryption may be closer to its death bed than we think.
5) We only learn about a crack when someone chooses to reveal it
Disclosure is the only means of revealing a crack in encryption.
What does that mean? Let’s say that you create a program that factors large numbers and cracks RSA encryption – encryption used by millions around the world.
Would you tell everyone if you found that flaw?
Maybe you would, or maybe you wouldn’t. Before you answer that question with a resounding ‘Yes’, consider that the online black market could make you a millionaire overnight with such a program. If you do everything right, you’ll never have to work a day in your life again.
Encryption cracking is worth a lot of money to a lot of people. For that reason, most cracks are never revealed to the public until someone actually chooses to reveal it.
4) No chain is perfect
Encryption involves superscripts and subscripts and some of the most complex algorithms in the world. That being said, there are no hard and fast proofs in encryption.
That means there are always going to be weak links on that chain. Chains are long and, as far as we know, there has never been a perfect encryption chain. A single failure in the algorithm or glitch in the software can slice through the chain and eliminate the hard work of all the other parts of the encryption.
3) The growing power of cloud computing
For years, the biggest advantage of encryption was that no computer in the world had the capabilities of deciphering something as complex as a 256 bit encryption code.
A brute force attack would take hundreds of years even with the best supercomputers.
Unfortunately, things have changed. Today’s supercomputers are more powerful today than they’ve ever been before. Next month’s supercomputers will be more powerful than this month’s supercomputers.
And of course, we have cloud computing, which can easily harness the power of thousands of computers through the cloud.
An encryption system that takes millions of hours to try every password combination on a supercomputer might take a fraction of that time with 1,000 cloud-connected computers. Google, Amazon, and many other major tech companies all have access to such cloud capabilities.
There are backdoors on just about everything these days. However, some parts of computers are more vulnerable to backdoors than others.
Your hardware, for example, can often be filled with backdoors. Hardware uses firmware to communicate with your computer. That firmware is rarely updated, which means it can’t adapt to recent security threats or problems.
Software also has backdoors. Some of these are intentionally placed by software developers – as is the case with many American companies and the NSA.
1) Human error and typos
Typos are a major reason why no encryption system is perfect.
Anywhere you have humans you have human error. It’s an inevitable side effect of well, being human. Programmers are typically smart people, but they’re going to mess up eventually.
When programmers mess up on encryption systems, it leads to some major flaws. Most of these flaws are never discovered, but when they are discovered, it’s bad news for anyone who uses encryption on a daily basis – which is everyone who uses the internet on a daily basis.
What comes after encryption?
If encryption is dead, then what do we do next? How are we supposed to protect our stuff?
Lots of security experts have pointed towards things like “perfect forward security” – which is an encryption system that changes keys frequently and theoretically prevents leaks from spreading.
Perfect forward security combined with intelligent use of cloud computing could make encryption “virtually” uncrackable. However, no matter what, the system will still be affected by most of the issues listed above.
What’s next for encryption? I have no idea. But if we don’t find out a strong form of digital protection soon, we’re all in big trouble.