“A false sense of security is the only kind there is”
-Michael Meade
In the epoch of technology and the internet, this particular quote rings painfully true. We read about black hat hacking being ubiquitous yet we don’t think twice before entering privileged information into a website whilst being connected to the free, unprotected airport wifi. Until recently, for years, we’ve utilized WhatsApp and Facebook to text people and have felt safe by adding a passcode to our phones while all that information ran through servers with no signs of encryption whatsoever. I believe the sense of security we felt doing all those perfunctory actions was not a great digression from that felt by Mary Queen of Scots when she decided to be party to the assassination.
When Singh says that “weak encryption can be worse than no encryption at all”, I believe he refers to the fundamental idea that when we encrypt something, we do it under the premise that the information stays protected and confidential and that feeling of safety brings its own set of privileges. However, violation of that safety can cause catastrophic repercussions which would not have occurred had there been no sense of safety in the first place. Coming to our example, Mary Queen of Scots was negligent in her parlance because she had faith in her encryption. If we were to hypothesize, for the sake of discussion, that there had been no encryption, she would have exercised far more caution and might have not said something damning enough to incriminate her in court. Her weak encryption, in a way, did more damage to her case than what would have occurred had there been none.
Coming to the implication of that statement, I believe there is more to it than what meets the eye. Mathematically, the transitive property dictates that if better encryption equals more safety and confidence, and more safety and confidence equals better language and more information, therefore, better encryption equals more information. However, by some disparity in the aforementioned, if that encryption turns out to be weak, the final quantity of the above equation might turn from your best ally to your worst foe. Thus, it is important to realize that cryptography will only work well if the there is a time factor involved and it is safest to always presume that in time, your code will be broken and to contemplate the consequences of that situation.
Leave a Reply