Encryption Is Not a Silver Bullet

Secure data being beamed across the Internet it? Encrypt it. Protect data at rest from being accessed? Encrypt it. It seems like encryption is the answer to all of your security concerns. That’s true to an extent, but even encryption has its limitations.

Encryption is a perfectly viable solution for securing data, but it’s not invulnerable--especially for data at rest, like files stored on backup media. Today’s unbreakable algorithm is tomorrow’s cracked encryption.

The idea of encryption dates back centuries. At its core, it’s nothing more than replacing information with other data that makes it appear to be gibberish unless you have the key that helps you reverse the process (decrypt) so you can recover the original information.

One of the most well-known examples of encryption is the Caesar Cipher. Attribute to the Roman emperor Julius Caesar, the code involved simply offsetting the letters of the alphabet by a specified number. For example, an offset of four would make an “A” become a “E”, a “B” become an “F”, and so on. The resulting message would seem like a random jumble of letters unless you knew how it was encrypted, and what the offset number was.

At the time, the Caesar Cipher represented the pinnacle of cryptographic achievement, but now it’s considered child’s play. The same thing has happened time and time again, though, with every other form of coding and encryption that has come along. The reality is that an encryption algorithm invented today may be virtually uncrackable…today. Given enough time, resources, and dedication, though, someone will eventually crack the code.

What does that mean for you? It means two things. First, You should definitely employ encryption to protect your data whether it’s in transit across the Internet or resting safely on your laptop’s hard drive, but you should be aware that it’s just another element of computer and data security and understand that it’s not impenetrable.

The second thing is more important. The encryption algorithm you use to protect your data may be very strong today, but if you fast forward a year, or ten years, or fifty years, it may seem like just another Caesar Cipher that any bored teen can crack with a few hours on their hands. Backup data may be forgotten and neglected, and years from now the data that was encrypted when the data was backed up may no longer be adequately protected.

Fujitsu researchers recently cracked encryption with a 923-bit key in just under 150 days using 21 computers (with a combined total of 252 processor cores). Your average attacker doesn’t have the kind of resources that Fujitsu used, and it’s fair to assume an attacker wouldn’t be dedicated enough to devote half a year to gaining access to your data, but the point is that the “unbreakable” can still be cracked.

Encryption is a vital tool for privacy, computer security, and data protection. Just be aware that it’s not a Holy Grail, and that you occasionally need to update to newer encryption algorithms to stay a step ahead.

Subscribe to the Security Watch Newsletter