Are cryptography tools really only for crooks?

By P.J. Connolly, InfoWorld |  Development

Another problem with many crypto offerings is that they can leave you vulnerable to forensic-grade tools that can pull data from supposedly deleted files, including the temporary files that your e-mail application uses as a placeholder for the message before it's encrypted. It seems to me that the only way to get a truly secure solution is to write a mail application that has the encryption built in at the most fundamental level, so that even if temporary files are recovered, they may be rendered useless.

At the same time, I don't want to think about how many people are using weak passphrases -- a sequence that is hashed with random numbers to produce the encipherment key -- which might be easy to remember, but won't stand up under a brute-force attack. It's kind of like buying the best deadbolt available, only to leave the key under a flowerpot on the front porch.

Are there crypto success stories out there? I suspect that the kinds of shops using crypto are also the kinds of shops that don't talk about their work, but I hope some of you will write and tell me that crypto is working for your company, and how so. Until I'm convinced otherwise, I have to stick with the position that crypto is just more trouble than it's worth, and that it's likely to lull you into a false sense of security.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness