Thursday, July 2, 2009

Encryption as a tool to deny access to information

Yesterday I blogged about the minor break in AES and what effect this would have on encryption products like Check Point Full Disk Encryption (formerly known as Pointsec). In short, there is no practical effect and the product is still effective at protecting your data.

One of the things I talked about yesterday was that the purpose of encryption is not to protect some piece of information forever. That would likely be impossible as our computer power grows in strength. Eventually the process of simply trying every possible key combination will become trivial enough that a sufficiently old algorithm will no longer be effective. Instead, I said that one of the aims of encryption is to deny access to information until that information is no longer useful.

A stunning example is illustrated in this article I read today from the Wall Street Journal: http://online.wsj.com/article/SB124648494429082661.html

To summarize, a friend of Thomas Jefferson once sent him a letter with an encrypted block of text in it. I should point out that this friend was a professional in the field of cryptology as it existed in the early 1800s. The really interesting thing is that the encrypted block of text, which was obviously encrypted without the aid of computers, stood up to professional examination for 206 years. The code was broken in 2007, but the article is from today. So even though the algorithm was successfully broken, it still served its primary purpose, which was to deny access to the plaintext until that plaintext was no longer useful to the attacker.
