2015-11-17

Uncrackable encryption

Another effort to explain a simple point to people who are not that technical.

Encryption is all about hiding something, such as a message, in such a way that only the correct people (the recipient of the message) can see what the message says. They typically need some sort of "key" to unlock it. Cracking encryption is about finding a way to access the message without having the key.

One of the fun comments you hear is that all encryption is crackable - it is simply a matter of enough time and computing power.

In most cases this is true - encryption usually uses mathematical operations which are inherently difficult, but with enough computing power and time you can crack it.

There is a big caveat though - for many encryption systems, cracking the message using all of the computers in the world would take longer than the time until the sun dies. OK, maybe an exaggeration for some systems in use, but the point is - for all practical purposes, and for the lifetime that the message is important, most encryption systems are uncrackable.

That is the point - encryption only has to be good enough that, with the resources an adversary may have, it would take longer to decode the message than the message's useful lifetime.

So, asking if encryption is crackable is a silly question - the answer is "technically yes, but not in any practical way".

However, it is worth pointing out that there are encryption systems that are in fact uncrackable. Ironically, the pen and paper method explained in the video (above) is an example of one - the "one time pad". Without the key it is not possible to crack, even with infinite time and computing power. The reason is that you can pick all of the possible keys and get every possible message that could be sent (including the real message) but all are equally likely. You have every possible message, including a recipe for chicken soup, and cannot tell which is the actual message. Unlike systems that involve solving a difficult mathematical problem, there is no way to tell when you have solved a one time pad. You simply have to get the keys.
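The "all are equally likely" point, as an added example that is not part of the original post: it uses XOR over bytes as a stand-in for the pen and paper arithmetic (an assumption), and both messages are constructed samples.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; a one time pad needs key and message of equal length."""
    if len(a) != len(b):
        raise ValueError("key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(message: bytes) -> tuple[bytes, bytes]:
    """Return (key, ciphertext) using a fresh random key that is never reused."""
    key = secrets.token_bytes(len(message))
    return key, xor_bytes(message, key)


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, key)


def key_that_yields(ciphertext: bytes, candidate: bytes) -> bytes:
    """Compute the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the same length, which is why
    trying all keys tells an eavesdropper nothing about the real message.
    """
    return xor_bytes(ciphertext, candidate)


# Constructed sample messages of identical length (21 bytes each).
REAL = b"MEET AT THE DOCKS 9PM"
DECOY = b"ADD CHICKEN AND SALT."

if __name__ == "__main__":
    real_key, ciphertext = encrypt(REAL)
    decoy_key = key_that_yields(ciphertext, DECOY)

    print("ciphertext :", ciphertext.hex())
    print("real key   ->", decrypt(ciphertext, real_key))
    print("decoy key  ->", decrypt(ciphertext, decoy_key))
    # Both keys are 21 bytes that look random; nothing in the ciphertext
    # marks one of them as the right one.
```
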

And this is where most encryption is "cracked" - not by cracking the encryption itself, but by accessing the end points or the people involved. XKCD put it nicely :-