Thursday, 4 August 2016

Encryption is always temporary

The basic concept behind encryption, to many people, is that it prevents the “bad guy” getting to your data. This is one of those cases where over-simplification is your enemy.

Encryption in any form is not a means of preventing access to your data by the wrong person. It is actually a means to delay access by the wrong person.

Why? Well, think about how you break into an encrypted file. You have several options:

  1. Guess the password
  2. Beat up the person with the password
  3. Find somewhere where the data is not encrypted and get it from there (we’ll ignore that one as it’s not really about decryption)
  4. Find a flaw in the encryption process and break in that way

Each of these options carries costs:
  • ethical
  • financial
  • time

In all cases, you can throw time at the encryption and you will definitely get through it. Or your descendants will, possibly in a much evolved form.

What is good enough encryption? Think about how long the information will be confidential for. We have a tendency to assume that confidential doesn’t come with an expiry date, but even Government classified files are usually released after 30 years.

If it’s about a possible hiring of an employee, then maybe after they are hired the information could even be published, so the encryption only needs to hold for a few weeks. If it’s scurrilous rumours about a chat show host, then maybe a century later the information will be of no interest to anyone. Research data is often very confidential before publication, and at publication the aim shifts to getting everyone to read the paper and to providing the raw data so that the published results can be verified.

You could argue that it will be deleted before then - but the attacker will probably take a copy, so you deleting your copy won’t help.

The future also contains changes which we can predict (computing power increasing, and thus brute force cracking getting easier), changes which we can guess at (flaws found in currently accepted algorithms), and even changes which we can’t imagine (???), all of which will affect the protected lifespan of a given piece of encrypted data. But we can handle those in part by ensuring that when we encrypt we also prevent copying to unsafe storage environments.
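The predictable part of that picture, attacker capacity growing over time, can be put into numbers. The following is an added example, not code from the original post: it estimates how long an exhaustive key search takes at a fixed guess rate, and then again under an assumed Moore's-law-style model in which the attacker's rate doubles every few years, and compares the result with the "confidentiality lifespan" of the data. The guess rates, doubling period and key sizes are constructed illustrations, not measurements, and the model covers only brute force (option 1 above); it says nothing about algorithmic flaws (option 4), which can collapse the timeline overnight.

```python
import math

# Assumed constants: a Julian year in seconds and a constructed baseline
# attacker capacity. Nothing here comes from the original post.
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def seconds_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case seconds to try every one of 2**key_bits keys at a fixed rate."""
    return (2 ** key_bits) / guesses_per_second


def years_to_exhaust_fixed(key_bits: int, guesses_per_second: float) -> float:
    """Same worst case, expressed in years, with no growth in attacker capacity."""
    return seconds_to_exhaust(key_bits, guesses_per_second) / SECONDS_PER_YEAR


def years_to_exhaust_with_growth(key_bits: int, guesses_per_second: float,
                                 doubling_years: float) -> float:
    """Years until an attacker whose rate starts at guesses_per_second and
    doubles every doubling_years years has tried every key.

    Rate at year t is r * 2**(t/d). Integrating over t gives total guesses
    by year T:  G(T) = r * S * d / ln 2 * (2**(T/d) - 1), with S seconds
    per year. Solving G(T) = 2**k for T:
        T = d * log2(1 + 2**k * ln 2 / (r * S * d))
    """
    keyspace = 2 ** key_bits
    ratio = keyspace * math.log(2) / (guesses_per_second * SECONDS_PER_YEAR * doubling_years)
    return doubling_years * math.log2(1 + ratio)


def holds_for_lifespan(key_bits: int, guesses_per_second: float,
                       doubling_years: float, lifespan_years: float) -> bool:
    """True if, under the growth model, the keyspace is not exhausted before the
    data stops being confidential. Use this as a planning floor, not a promise."""
    return years_to_exhaust_with_growth(key_bits, guesses_per_second,
                                        doubling_years) > lifespan_years


if __name__ == "__main__":
    rate = 1e9            # constructed: one billion guesses per second today
    doubling = 2.0        # constructed: capacity doubles every two years
    print(f"{'bits':>5} {'fixed-rate years':>18} {'with-growth years':>18}")
    for bits in (40, 56, 64, 80, 128):
        fixed = years_to_exhaust_fixed(bits, rate)
        grown = years_to_exhaust_with_growth(bits, rate, doubling)
        print(f"{bits:>5} {fixed:>18.3g} {grown:>18.3g}")
    # A 30-year government-style confidentiality window against a 64-bit key:
    print("64-bit key holds for 30 years:",
          holds_for_lifespan(64, rate, doubling, 30))
```

The point the table makes is the one in the paragraph above: a 64-bit keyspace that looks like centuries of work at today's rate shrinks to a couple of decades once growth is allowed for, which is why the lifespan of the secret, not the size of today's number, is the figure to plan around.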

That is the take-home message here: don't assume that encryption will protect you from choosing a dodgy place to store your information. Take into account the "confidentiality lifespan" of the information and predictable changes to the encryption landscape, and always apply the principle of defence in depth. No single security measure should be your only protection from disaster: layer your protection.
