Researchers claim Android Keystore encryption is broken. This interesting article provides a particular quote I would like to cite:
“Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity,”I would add that cryptographic schemes cannot be chosen for their proven security, but rather for their 'apparent security'.
- There is no doubt that encryption is better than plain text!
- There is no doubt that encryption will cost the cyber criminal time and money.
- There is no doubt that give time and money, encryption can be broken! Read one of my previous articles on Encryption, breaking the myth for a small sample of breaches that resulted in significant losses. Keep in mind that not all losses are reported, and moreover, monetary loss may be measured more easily than the public relations nightmare that follows.
In the article cited above about Encryption surviving tomorrow's attacks, they mention 'Advanced Quantum attacks'. Encryption used for 'data security' is vulnerable because:
- Technology continues to evolve producing faster and more efficient hardware and software.
- Static data is much easier to find, store and work on, then data in transit. While encryption used for communication is much more difficult to capture, then break - static data should be though of as 'a sitting duck'.
- Prime number generators are available which significantly reduce the time needed to find the keys. An organic sieve which my generator can easily produce would result in a 'look up table' for all prime numbers. If my generator can do it, you know others must have superior 'organic sieves'!
Admittedly I am biased towards CORA. In my defense, my bias is altruistic. I believe in security. I believe in the right to protect one's information. I believe in sharing 'my information' on my terms. I believe in 'the Cloud'. CORA makes 'the Cloud' a value add (unbreakable data security) to corporate and private clients; not knowing everything about 'where the CORA fragments' are stored makes "the Cloud" a value add, rather than a hard sell to shareholders.