Wednesday, 13 July 2016

A bitter placebo - Encryption

If only this placebo were bitter. The sad news is that it is a sweet pill to swallow which makes it an easy sell. I call it 'bitter' because it is costing us billions of dollars a year!

Google: Today’s Encryption May Not Survive Tomorrow’s Attacks

An article about how Encryption is not be enough. Yet the fact is that for years, it has not been protecting data sufficiently. The proof is in the pudding. More than 400 billion dollars lost, yearly, to cyber criminals! Unless your an ostrich, you must know that much of the data stolen has been encrypted!

Researchers claim Android Keystore encryption is broken. This interesting article provides a particular quote I would like to cite:
“Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity,” 
I would add that cryptographic schemes cannot be chosen for their proven security, but rather for their 'apparent security'.

  • There is no doubt that encryption is better than plain text
  • There is no doubt that encryption will cost the cyber criminal time and money
  • There is no doubt that give time and money, encryption can be broken! Read one of my previous articles on Encryption, breaking the myth for a small sample of breaches that resulted in significant losses. Keep in mind that not all losses are reported, and moreover, monetary loss may be measured more easily than the public relations nightmare that follows.

In the article cited above about Encryption surviving tomorrow's attacks, they mention 'Advanced Quantum attacks'. Encryption used for 'data security' is vulnerable because:

  1. Technology continues to evolve producing faster and more efficient hardware and software.
  2. Static data is much easier to find, store and work on, then data in transit. While encryption used for communication is much more difficult to capture, then break - static data should be though of as 'a sitting duck'.
  3. Prime number generators are available which significantly reduce the time needed to find the keys. An organic sieve which my generator can easily produce would result in a 'look up table' for all prime numbers. If my generator can do it, you know others must have superior 'organic sieves'! 
Wait a minute you say, what if companies aren't using prime numbers as keys for their encrypted data? My company, CORAcsi, isn't using prime numbers: "we aren't using encryption for data security". We are pioneering the use of chaos Maps and CORA. Soon enough, others will follow and we will secure the global community.

Admittedly I am biased towards CORA. In my defense, my bias is altruistic. I believe in security. I believe in the right to protect one's information. I believe in sharing 'my information' on my terms. I believe in 'the Cloud'. CORA makes 'the Cloud' a value add (unbreakable data security) to corporate and private clients; not knowing everything about 'where the CORA fragments' are stored makes "the Cloud" a value add, rather than a hard sell to shareholders.

1 comment: