11 reasons encryption is (almost) dead

Encryption is full of weak links, from backdoors to big data

Everyone who has studied mathematics at the movie theater knows that encryption is pretty boss. Practically every spy in every spy movie looks at an encrypted file with fear and dread. Armies of ninjas can be fought. Bombs can be defused. Missiles can be diverted. But an encrypted file can only be cracked open with the proper key -- and that key is always in the hands of a dangerously attractive agent hidden in a sumptuous hideout on the other side of the world. (Never in Newark or New Haven -- who wants to film there?)

Alas, this theorem of encryption security may be accepted as proven by math geniuses at Hollywood U., but reality is a bit murkier. Encryption isn't always perfect, and even when the core algorithms are truly solid, many other links in the chain can go kablooie. There are hundreds of steps and millions of lines of code protecting our secrets. If any one of them fails, the data can be as easy to read as the face of a five-year-old playing Go Fish.

Encryption is under assault more than ever -- and from more directions than previously thought. This doesn't mean you should forgo securing sensitive data, but forewarned is forearmed. It's impossible to secure the entire stack and chain. Here are 11 reasons encryption is no longer all it's cracked up to be.

Encryption's weak link No. 1: No proofs -- just an algorithm arms race

The math at the heart of encryption looks impressive, with lots of superscripts and subscripts, but it doesn't come with any hard and fast proofs. One of the most famous algorithms, RSA, is said to be secure -- as long as it's hard to factor large numbers. That sounds impressive, but it simply shifts the responsibility. Is it truly that hard to factor large numbers? Well, there's no proof that it's hard, but no one knows how to do it right all of the time. If someone figures out a fast algorithm, RSA could be cracked open like an egg, but that hasn't happened yet ... we think.

Encryption's weak link No. 2: Disclosure is the only means of detecting a crack

Suppose you figured out how to factor large numbers and crack RSA encryption. Would you tell the world? Perhaps. It would certainly make you famous. You might get appointed a professor at a fancy college. You might even land a cameo on "The Big Bang Theory."

But the encryption-cracking business can be shady. It isn't hard to imagine that it attracts a higher share of individuals or organizations that might want to keep their newfound power secret and use it to make money or extract valuable information.

Many of our assumptions about the security of cryptography are based on the belief that people will share all of their knowledge of vulnerabilities -- but there is no guarantee anyone will do this. The spy agencies, for instance, routinely keep their knowledge to themselves. And rumors circulate about an amazing cryptographic breakthrough in 2010 that's still classified. Why should the rest of us act any differently?

Encryption's weak link No. 3: The chain is long and never perfect

There are a number of excellent mathematical proofs about the security of this system or that system. They offer plenty of insight about one particular facet, but they say little about the entire chain. People like to use phrases like "perfect forward security" to describe a mechanism that changes the keys frequently enough to prevent leaks from spreading. But for all of its perfection, the proof covers only one part of the chain. A failure in the algorithm or a glitch in the software can circumvent all this perfection. It takes plenty of education to keep this straight.

Encryption's weak link No. 4: Cloud computing power is cheap and massive

Some descriptions of algorithms like to make claims that it would take "millions of hours" to try all the possible passwords. That sounds like an incredibly long time until you realize that Amazon alone may have half a million computers for rent by the hour. Some botnets may have more than a million nodes. Big numbers aren't so impressive these days.

Encryption's weak link No. 5: Video cards bring easy parallelism to cracking

The same hardware that can chew through millions of triangles can also try millions of passwords even faster. GPUs are incredible parallel computers, and they're cheaper than ever. If you need to rent a rack, Amazon rents them too by the hour too.

Encryption's weak link No. 6: Hypervisors -- the scourge of the hypervigilant

You've downloaded the most secure distro, you've applied all the updates, you've cleaned out all the cruft, and you've turned off all the weird background processes. Congratulations, you're getting closer to having a secure server. But let's say you're still obsessed and you audit every single last line of code yourself. To be extra careful, you even audit the code of the compiler to make sure it isn't slipping in a backdoor.

It would be an impressive stunt, but it wouldn't matter much. Once you have your superclean, completely audited pile of code running in a cloud, the hypervisor in the background could do anything it wanted to your code or your memory -- so could the BIOS. Oh well.

Encryption's weak link No. 7: Hidden layers abound

The hypervisor and the BIOS are only a few of the most obvious layers hidden away. Practically every device has firmware -- which can be remarkably porous. It's rarely touched by outsiders, so it's rarely hardened.

One research "hardware backdoor" called Rakshasa can infect the BIOS and sneak into the firmware of PCI-based network cards and CD drivers. Even if your encryption is solid and your OS is uninfected, your network card could be betraying you. Your network card can think for itself! It will be a bit harder for the network card to reach into the main memory, but stranger things have happened.

These hidden layers are in every machine, usually out of sight and long forgotten. But they can do amazing things with their access.

Encryption's weak link No. 8: Backdoors aplenty

Sometimes programmers make mistakes. They forget to check the size of an input, or they skip clearing the memory before releasing it. It could be anything. Eventually, someone finds the hole and starts exploiting it.

Some of the most forward-thinking companies release a steady stream of fixes that never seems to end, and they should be commended. But the relentless surge of security patches suggests there won't be an end anytime soon. By the time you've finished reading this, there are probably two new patches for you to install.

Any of these holes could compromise your encryption. It could patch the file and turn the algorithm into mush. Or it could leak the key through some other path. There's no end to the malice that can be caused by a backdoor.

Most of the hype around encryption focuses on the strength of the encryption algorithm, but this usually blips over the fact that the key-selection algorithm is just as important. Your encryption can be superstrong, but if the eavesdropper can guess the key, it won't matter.

This is important because many encryption routines need a trustworthy source of random numbers to help pick the key. Some attackers will simply substitute their own random-number generator and use it to undermine the key choice. The algorithm remains strong, but the keys are easy to guess by anyone who knows the way the random-number generator was compromised.

Encryption's weak link No. 10: Typos

One of the beauties of open source software is that it can uncover bugs -- maybe not all of the time but some of the time.

Apple's iOS, for instance, had an extra line in its code: goto fail. Every time the code wanted to check a certificate to make sure it was accurate, the code would hit the goto statement and skip it all. Oops.

Was it a mistake? Was it put there on purpose? We'll never know. But it sure took a long time for the wonderful "many eyes" of the open source community to find it.

Encryption's weak link No. 11: Certificates can be faked

Let's say you go to PeteMail.com with an encrypted email connection, and to be extra careful, you click through to check out the certificate. After a bit of scrutiny, you discover it says it was issued by the certificate authority Alpha to PeteMail.com and it's all legit. You're clear, right?

Wrong. What if PeteMail.com got its real SSL certificate from a different certificate authority -- say, Beta. The certificate from Alpha may also be real, but Alpha just made a certificate for PeteMail.com and gave it to the eavesdropper to make the connection easier to bug. Man-in-the-middle attacks are easier if the man in the middle can lie about his identity. There are hundreds of certificate authorities, and any one of them can issue certs for SSL.

This isn't a hypothetical worry. There are hundreds of certificate authorities around the world, and some are under the control of the local governments. Will they just create any old certificate for someone? Why don't you ask them?

``` ```