Tuesday, 17 November 2015

Uncrackable encryption



Another effort to explain a simple point to people who are not that technical.

Encryption is all about hiding something, such as a message, in such a way that only the correct people (the recipient of the message) can see what the message says. They typically need some sort of "key" to unlock it. Cracking encryption is about finding a way to access the message without having the key.

One of the fun comments you hear is that all encryption is crackable, it is simply a matter of enough time and computing power.

In most cases this is true - encryption usually uses mathematical operations which are inherently difficult, but with enough computing power and time you can crack it.

There is a big caveat though - for many encryption systems, cracking the message using all of the computers in the world would take longer than the time until the sun dies. OK, maybe an exaggeration for some systems in use, but the point is that for all practical purposes, and for the lifetime that the message is important, most encryption systems are uncrackable.

That is the point - encryption only has to be good enough that, with the resources an adversary may have, decoding the message would take longer than the message's useful lifetime.

So, asking if encryption is crackable is a silly question - the answer is "technically yes, but not in any practical way".

However, it is worth pointing out that there are encryption systems that are in fact uncrackable. Ironically, the pen and paper method explained in the video (above) is an example of one - the "one time pad". Without the key it is not possible to crack, even with infinite time and computing power. The reason is that you can pick all of the possible keys and get every possible message that could be sent (including the real message) but all are equally likely. You have every possible message, including a recipe for chicken soup, and cannot tell which is the actual message. Unlike systems that involve solving a difficult mathematical problem, there is no way to tell when you have solved a one time pad. You simply have to get the keys.
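The "every possible message is equally likely" argument, as an added Python example that is not part of the original post. It assumes the byte-wise XOR form of a one time pad rather than the pen and paper method from the video; the sample messages and function names are constructed for illustration.

```python
import secrets


def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with a key of the same length (the same call encrypts and decrypts)."""
    if len(key) != len(data):
        raise ValueError("a one time pad key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the right length, which is why
    trying all of the keys tells an eavesdropper nothing.
    """
    return otp_xor(ciphertext, candidate)


def demo() -> dict:
    # Constructed sample messages, all padded with spaces to the same length.
    real = b"MEET AT THE DOCKS AT NINE".ljust(32)
    decoys = [b"RECIPE: CHICKEN SOUP".ljust(32), b"NOTHING TO SEE HERE".ljust(32)]

    key = secrets.token_bytes(len(real))  # random, secret, and used only once
    ciphertext = otp_xor(real, key)

    results = {}
    for candidate in [real] + decoys:
        k = key_that_explains(ciphertext, candidate)
        # Each candidate decrypts cleanly under its own key; nothing in the
        # ciphertext marks which of those keys is the one actually used.
        results[candidate] = (otp_xor(ciphertext, k), k == key)
    return results


if __name__ == "__main__":
    for candidate, (decrypted, is_real_key) in demo().items():
        print(decrypted.decode().rstrip(), "| real key:", is_real_key)
```

Only the holder of the real key can tell which line is the message that was sent; to anyone else all three decryptions are equally valid.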

And this is where most encryption is "cracked" - not by cracking the encryption itself, but by accessing the end points or the people involved. XKCD put it nicely :-


2 comments:

  1. It's subjects like this that make it glaringly apparent, that for the majority of MPs, their ability to persuade people to vote for them is inversely proportional to their competency at anything that would actually make them a good politician.

    It takes an incredibly small-minded person to be unable to grasp that one has about as much chance of banning encryption, as banning the song Humpty-Dumpty, even when the reasons have been explained to them at length.

    It's not about a hardware platform, or an app, it's a field of mathematics. Even if every piece of hardware and software containing encryption was banned (good luck getting rid of every occurrence of the source code for things like PGP), then nothing would stop terrorists from simply finding someone with a sufficient understanding of the mathematics, and writing their own software. A minor inconvenience for them, that has no effect on their ability to hide their communications, while the attempt to ban encryption, or even just add backdoors, would have a hugely damaging effect on society.

    Encryption is something that has been let out of Pandora's box, and there is no way to put it back.

  2. Have you seen the story on The Register? http://www.theregister.co.uk/2015/11/18/mps_to_assess_technological_feasibility_of_requirements_under_proposed_new_surveillance_laws/
