Friday, December 20, 2013

The first & second laws of privacy, safety and security

The tao of security and privacy is that you have only what you have.

No security or privacy method is ever 100% effective, not ever. In other words, it is absolutely true that no encryption method exists which will ever fully protect you. It is actually very dangerous to 'think', at any point, that something is private or secure.

Encryption is like a fence that keeps some things, but not other things, out (or in). The more expensive and elaborate the fence, the more difficult it will probably be to get through it. But *all* fences can be breached. Also, the more wanted or desired the prize behind the fence, the more the fence will be challenged.

This can be written mathematically as:

                           Investment in Protection systems
    your relative safety = --------------------------------
                           Value of what is being protected


This is then the first law of safety, security and privacy.


So as quantum computers owned by the most powerful governments emerge, which can run very much faster than conventional computers, and as cryptographic methods are tested and some are broken (e.g. MD5 and SHA-1), and also as methods of going around or over encryption are developed (e.g. search for 'rubber-hose cryptanalysis' and 'black-bag cryptanalysis'), some cracks, and actually giant holes, have developed in what we thought was secure. But these cracks are not really developing now; rather, they were there all along, and we fell prey to believing that the first law above was suspended for a time.

I know this might not have been the answer you were looking for, but I hope you will find it useful to get out of the mode of thinking there is something that will protect your data.