ID: IRCNE2013091952
Date: 2013-09-10
According to "techworld", though the National Security Agency spends billions of dollars to crack encryption technologies, security experts maintain that properly implemented, encryption is still the best way to maintain online privacy.
The Guardian newspaper and other media outlets this week published stories based on internal internal NSA documents that explain how the spy agency bypasses encryption technologies by using backdoors, brute force attacks, lawful intercepts via court orders and partnerships with tech vendors.
The reports, based on documents leaked to reporters by former NSA-contract employee Edward Snowden, suggest that many encryption algorithms now widely used to protect online communications, banking and medical records and trade secrets have been cracked by the NSA and its British counterpart, the GCHQ.
Steve Weis, chief technology officer at PrivateCore and holder of a Ph.D in cryptography from MIT, said despite the NSA activities, the mathematics of cryptography remains very hard to crack.
It remains unclear whether NSA experts have the ability to crack more robust encryption technologies, he said. "So far, I've not seen anything to suggest than an algorithm like AES (Advanced Encryption Standard) has been broken," Weis said.
The NSA may have been able to take advantage of flaws in key management processes that support the encryption, rather than cracking the cryptography itself, he said. It's possible that the NSA can decrypt financial and shopping accounts, but it can happen only if the cryptography was improperly implemented through faulty, incomplete or invalid key management processes, he said.
Most email, web searches, Internet chats and phone calls are not automatically encrypted, so the NSA or anyone else can merely scan online traffic to access them, he said.
The main vulnerability to encrypted traffic is key management, Jevans said. Encryption keys are long, randomly generated passwords that can encrypt and decrypt Internet traffic. "Stealing the key is like stealing a password," he said.
Despite the recent revelations, encryption remains the best way to protect online data, Weis contends.
- 2