The secrecy behind encryption
15 October 2004 in Root | Comments enabled
An interesting book to read is the fictional book “Digital Fortress“[affiliate], by Dan Brown, which plays around with encryption, deception, the National Security Agency and love all mixed into one juicy story. As one might guess, the ingredients for a good story is there but I think the book fails to deliver the story in an original way. Sure, the book is ready for Hollywood, but it is of no blockbuster material.
One thing that I did like about the book, is the background work the author had done on encryption and managed to weave it into the story. One of the more interesting semi-facts in the book is how the National Security Agency has managed to play part in creating some encryption algortihms. In the book, the encryption Skipjack was supposedly created to have a backdoor especially made by the NSA to allow them to decrypt the non-critical encrypted emails sent inbetween the government institutions. The backdoor was officially non-existing and very cleverly hidden so that non-NSA mathematicians at that time thought the encryption algorithm was really safe when they analyzed it.
After reading the book, I stumbled upon Schneier’s security weblog, where he goes through the history of the (probably) first major digital encryption algorithm, DES — Data Encryption Standard. It was no major surprise to me, by now, that the NSA also had their finger in this game also in a suspicious kind-of-way. It appears today as if the NSA acctually helped make the DES even more secure, but still not secure enough. 
However, the most interesting part he mentions is that today, our mathematicians do not know where we are in relation to the NSA’s super-think-tank of mathematicians. It seems that we are playing catch-up to them, and in the worst case (note: “worst”) we are years behind the NSA. This can mean that they have developed methods of decrypting our encryption already, at least so in theory.
But that is nothing to worry about, the DES is so passé, yesterdays trash. If you are still using DES then it is definately time to update to a more advanced encryption such as AES. Read the well written article for a bit more insight.
Should be worried if the NSA is ahead of us? Yes and no. Yes if you are an industry trying to keep your industrial secrets from leaking out. An European airplane manufacturer lost a deal over an American manufacturer in a price competition supposedly due to Echelon listening in on the communications with the biddings. The Echelon being a NSA child, its existance denied by everyone — and still everyone knows it exists, is rumored to be able to decrypt encrypted email messages in a matter of days no matter the desination or sender. But it makes me thing, where goes the line for national security? Is industrial espionage for the better good of the national enterprises where the line is drawn?
For the normal individual, I wouldn’t be concerned. My secret recepie on Mexican food is of no greater interest to the NSA — I believe. I am hoping that they are focusing attention more on brainwashed idiots, also called terrorists, and keeping them from hurting themselves and the world. But this naturally raises a question: who will guard the guardians? Who makes sure the NSA doesn’t go off-track and beserk? The president of the US of A? (Please wait while I laugh my heart out) For some reason, I do not think that either… 
Leave a Comment