11 reasons encryption is (almost) dead

Massive leaps in computing power, hidden layers, hardware backdoors -- encrypting sensitive data from prying eyes is more precarious than ever

By Peter Wayner, InfoWorld |  Security, encryption

Encryption's weak link No. 4: Cloud computing power is cheap and massiveSome descriptions of algorithms like to make claims that it would take "millions of hours" to try all the possible passwords. That sounds like an incredibly long time until you realize that Amazon alone may have half a million computers for rent by the hour. Some botnets may have more than a million nodes. Big numbers aren't so impressive these days.

Encryption's weak link No. 5: Video cards bring easy parallelism to crackingThe same hardware that can chew through millions of triangles can also try millions of passwords even faster. GPUs are incredible parallel computers, and they're cheaper than ever. If you need to rent a rack, Amazon rents them too by the hour too.

Encryption's weak link No. 6: Hypervisors -- the scourge of the hypervigilantYou've downloaded the most secure distro, you've applied all the updates, you've cleaned out all the cruft, and you've turned off all the weird background processes. Congratulations, you're getting closer to having a secure server. But let's say you're still obsessed and you audit every single last line of code yourself. To be extra careful, you even audit the code of the compiler to make sure it isn't slipping in a backdoor.

It would be an impressive stunt, but it wouldn't matter much. Once you have your superclean, completely audited pile of code running in a cloud, the hypervisor in the background could do anything it wanted to your code or your memory -- so could the BIOS. Oh well.

Encryption's weak link No. 7: Hidden layers aboundThe hypervisor and the BIOS are only a few of the most obvious layers hidden away. Practically every device has firmware -- which can be remarkably porous. It's rarely touched by outsiders, so it's rarely hardened.

One research "hardware backdoor" called Rakshasa can infect the BIOS and sneak into the firmware of PCI-based network cards and CD drivers. Even if your encryption is solid and your OS is uninfected, your network card could be betraying you. Your network card can think for itself! It will be a bit harder for the network card to reach into the main memory, but stranger things have happened.

These hidden layers are in every machine, usually out of sight and long forgotten. But they can do amazing things with their access.

Encryption's weak link No. 8: Backdoors aplentySometimes programmers make mistakes. They forget to check the size of an input, or they skip clearing the memory before releasing it. It could be anything. Eventually, someone finds the hole and starts exploiting it.

Originally published on InfoWorld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question