Is Encryption Dead?
The word is changing at an amazing rate. The Internet of Things (IoT) is creating an avalanche of data about us that organizations are trying to manage and make some sense out of. Typically, organizations would protect this data in a number of ways, one of which was bound to be encryption. The key to breaking encryption lies in the factoring of massive numbers. Even our most sophisticated computers would take thousands of years to work through all of the possible permutations. So it must keep our data safe... or so we thought.
MIT has just unveiled a new type of computer, called a quantum computer which may be capable of overcoming the amount of time that it would take to break the encryption. With Quantum computing bits don't have to be one of the traditional "1" or "0" values. This provides the basis to execute logic that is massively complex and enables calculations to occur at speeds much faster than today's supercomputer. Currently, National Institute of Standards and Technology (NIST) specifies that Suite B cryptographic algorithms are secure. They are used by the NSA for protecting data. Suite B was announced in 2005. There is a corresponding set of unpublished algorithms, Suite A that are used in situations where Suite B may not be appropriate. This has generated concern at the NSA which has come out with a warning.
NSA has now announced that it is planning to transition to a new cipher suite that is resistant to quantum attacks. However, the NSA has not provided any additional details. NSA does state that "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition." With the Internet of Things (IoT) and Digitalization, organizations are faced with maintaining and securing vast amounts of data. Additionally, there are often many copies of data that are used for software development, analytics and testing that need to be managed and secured. Thought should be given on how we focus our efforts to protect this data. Clearly one size does not fit all!