Friday, December 20, 2013

The first & second laws of privacy, safety and security

The tao of security and privacy is that you have only what you have.

No security or privacy method is ever 100%, not ever. In other words, it is absolutely true that no encryption method exists which will ever fully protect you. In fact, it is a very dangerous thing to 'think' at any point that something is private or secure.

Encryption is like a fence that keeps some things, but not other things, out (or in). The more expensive and elaborate the fence, the more difficult it will probably be to get through it. But *all* fences can be breached. Also, the more wanted or desired the prize behind the fence, the more the fence will be challenged.

This can be written mathematically as:

                           Investment in Protection systems
    your relative safety = --------------------------------
                           Value of what is being protected


This is then the first law of safety, security and privacy.


So as quantum computers owned by the most powerful governments emerge which can run very much faster than conventional computers, as cryptographic methods are tested and some are broken (e.g. MD5 and SHA-1), and as methods of going around or over encryption are developed (e.g. search for 'rubber-hose cryptanalysis' and 'black bag cryptanalysis'), some cracks, and actually giant holes, have developed in what we thought was secure. But these are not new cracks developing. Rather, they were there all along, and we fell prey to believing that the first law above was suspended for a time.

I know this might not have been the answer you were looking for but I hope you will find it useful to get out of the mode of thinking there is something that will protect your data.




Now for the second law of privacy, safety, and security:

    Security is relative and probabilistic.

Just as in quantum mechanics, where the math shows that you can't know where the electron is and all you can know is the probability of where it is, the same is true of security, privacy, and safety. It is *probabilistic*, but it also, importantly, sits within a much larger organized system, which makes it *relative*.

For example, if your fence is bigger and stronger than the one next door, the probability is that you will be safer than those next door. When the attacker looks around, he is looking for the best use of his resources, and that is where the fence is lower, the prize is bigger, and his chance of payback is greater. That does not mean he won't attack you. It just means the probability is greater that he won't attack you.

So all you can do is make your fence taller, and your prize smaller, than those around you, and this will *probabilistically* make you and your data 'more' secure and better protected. But this is true only until your neighbors make their fences taller and/or their prizes smaller, at which point you will have to make yours even taller. And it won't protect you from the *randomness* found in the attacker's focus. In other words, you can't know where the electron (attacker) is, only the mathematical probability of where he is.

Hope this helps someone. I have been studying these issues most of my life. And this is what I know to be true ... so far.
