Strong encryption weakened

Since weeks the scandals around the NSA and their surveillance programme keep flowing in. It seems endless and that some techniques applied were 2 months ago science fiction are now become real. Not only such behaviour of an all controlling body undermines our society it also brings inherently additional danger for all of us or at least most of us.

Putting in a covert channel in an encryption standard is pure madness, companies and people rely on those and have considered them secure. Now we have learned that an organisation can in certain cases easily read our precious and private data. It is only a matter of time that the enemies of that particular organisation discover and exploit the weakness. I wonder what happens next?

Even worse is the fact that some constructors/vendors actively participated in the set up of those covert channels. Organisations buy these products and rely on them, first for the security aspects delivered by these products and secondly because they are confident to have bought a product that has been seriously and conciously designed to protect and safeguard their digital assets. After years of trust it seems they have been betrayed and it leaves a bitter taste. If I were leading a company today, I would review my entire product portfolio and perhaps try to think how to get rid of them in the near future. Why not going for open-source, integrated products maintained by a smaller player who has his business near you and is far away from any political influence?

If you run a  big fiber connections, perhaps it is time for you to get a fiber encryption solution and perhaps investigate in a quantum cryptography solution instead of using encryption with pure math.

Snowden opened a pandora's box and I'm pretty sure there is a big nasty boomerang ready to hit back.

The comments are closed.