Another example of people not understanding encryption

The big hack at on-line game company Steam last year might not have actually exposed sensitive information becuse the data that the hackers ended up might actually have been encrypted. But according to a report at the 1Up web site,

Just because these hackers didn't break Valve's encryption yet doesn't make it impossible or prevent the criminals from selling the files to those who can.

Eh?

Let's assume that some sort of industry standard like 3DES or AES was used to encrypt this data. Cracking either of those requires so much computational power that it will be impossible anywhere on Earth in the forseeable future.

The most likely scenario for one of these algorithm being exploited is probably an encounter with aliens who happen to have extremely advanced quantum computers. And even then, cracking any symmetric algorithm is still hard enough to make it not worth the time and effort that it would take hackers to do it. Even if they're extremely advanced aliens.

So even though it's probably technically true that it's not actually impossible for someone to break today's encryption algorithms, it's extremely unlikely. You're much more to hear news about aliens landing than you are to hear about the encryption being broken. And it seems roughly as likely as finding accurate reporting on how hard it actually is to crack today's encryption.

  • Brian

    So brute force attacks on the data may be next to impossible, but the more likely scenario is that someone compromises the encryption system itself. If they got to the data, how can we assume they didn’t get the keys as well?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *