The security of the internet is based on the fact that it is difficult to factorize large semiprime numbers. That is to say, if you multiply two large primes together, you will get a very large semiprime number, and there is no efficient algorithm for determining its two prime factors. By "large", I mean a prime with 100 digits or more. If you can find a 100-digit prime the CIA doesn't know about yet, they'll pay you $10,000 for it. Also, the fact that the CIA has such a database suggests that they, or perhaps another agency, are interested in decrypting internet traffic.
If there is such an algorithm, it would be able to determine the private keys associated with every public key, and those are limited in number given the rarity and difficulty of finding sufficiently large prime numbers. Once the private and public key pairs are known to an unauthorized user, that person would have access to everything that was previously private and encrypted. The effect would be like having everyone's username and password for every online account. Since this would be the end of online privacy, I have dubbed such a technique the Ragnarök Algorithm.
Depending on the nature of such an algorithm, using even larger prime numbers could be an effective countermeasure for a time. The general pattern of cryptography is that codes produced by machines can be broken by machines. Indeed, this is how the modern-day computer came to be. All the cipher machine codes used during WW2 were broken by mathematical analysis and by primitive computers. In fact, the Japanese codes were broken before the war started. The American cipher machine codes were broken next, which is why the Navajo code was introduced. The German cipher machine codes were broken last.
During the early 20th century, the British controlled most of the undersea communication cables and had taps on all of them. This allowed them to keep track of the movements of foreign navies. Today, about 70% of the world's internet traffic passes through Ashburn, Virginia. Most of the rest passes through New York, London, and San Francisco. Do you think the US or UK might be tapping the fiber optic cables used for internet traffic? It would certainly be easy and advantageous for them to do so.
It's also worth noting that end-to-end encryption is only secure on an uninfected device. As soon as some spyware has been loaded on it, everything done on that computer or phone can be monitored.
Good cryptography is hard and new attacks are always being devised. Whoever has the best mathematicians will win.