We’ve been told by people who know (or at least by people who say they do and we believe them) that all publicly available encryption has been cracked by outfits like the NSA. That’s probably true. Think about it; if you’re part of something that has the ability to print unlimited amounts of money, you can afford to hire the smartest people in the world and have the coolest gear. Who knows, maybe you were able to get your hands on some of the out-of-this-world goodies from those alien spaceships at Area 51? ;-)
Back to the nuts and bolts. Here are some of the different kinds of public and proprietary encryption we use here at Unsene, with a description of what it’s good for:
• SSL – this is the original encryption used for commerce (when you use a credit card online). We’re using 256-bit SSL for the entire web site, so this is the minimum encryption for everything; in fact, it’s also used in addition to the other encryption on our web site.
• RSA – a public / private key pair that is very useful for many functions that involve sharing something publicly that someone can respond to, where you are the only person who can read the responses. This is an asymmetric key, meaning it is different on both sides, and we use 2048-bit RSA.
• AES – a symmetric key that is considered to be very strong. We’re using the 256-bit version for the free version of our site, which is the maximum key size for this algorithm. We believe this is broken by the NSA and we believe it’s decryptable in either real time or near real time.
• XAES – a more secure and advanced version of AES, ours goes up to 4096 bits, which is über-strong. Unlikely to be broken as this has been customized from standard code libraries that aren’t widely known.
• OTP (One Time Pad) – Extremely secure because a key is only used once, then it’s thrown away. Each individual message uses a different key, so if the key is broken, the bad guys will only get one of your messages, not the whole chain. This is especially secure if you pass the keys face to face on a memory stick or if two people already know some non-public information that can be used to generate a key on each of their devices. With a sufficiently long key, it’s theoretically unbreakable. Downsides: Not convenient as you need to meet in person and difficult to manage for groups, as you’ll have to coordinate keys and lots of people. This will be added to the site within the next 60 days at least for text chat and file transfers.
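The one-key-per-message rule from the OTP item above, as an added example that is not Unsene's code: a pre-shared pad is consumed byte by byte so no key material is ever used twice, and `reuse_leak` shows what goes wrong when it is. The names `OneTimePad`, `xor` and `reuse_leak` are hypothetical, and the pad is a constructed sample.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Hypothetical helper: pre-shared pad whose bytes are each consumed once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # everything before this index is spent key material

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def encrypt(self, message: bytes) -> bytes:
        # The key must be as long as the message; refuse rather than wrap around.
        if len(message) > self.remaining():
            raise ValueError("pad exhausted: exchange a new pad, never reuse bytes")
        key = self._pad[self._offset:self._offset + len(message)]
        self._offset += len(message)  # "thrown away": these bytes are never used again
        return xor(message, key)

    decrypt = encrypt  # XOR is its own inverse; both sides advance in step


def reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """Failure mode: the same key on two messages cancels out of c1 XOR c2."""
    return xor(xor(m1, key), xor(m2, key))  # equals m1 XOR m2, no key needed


if __name__ == "__main__":
    pad = secrets.token_bytes(64)  # constructed sample; exchanged in person in practice
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    for msg in (b"meet at noon", b"bring the map"):
        assert bob.decrypt(alice.encrypt(msg)) == msg
    print("pad bytes left:", alice.remaining())
    m1, m2 = b"meet at noon", b"bring the map"
    print("reuse leaks m1^m2:", reuse_leak(m1, m2, pad[:12]) == xor(m1, m2))
```

Both parties must process messages in the same order, since each side tracks its own position in the pad.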
Here’s why we think many of these encryption algorithms are cracked:
• The largest governments have big research programs with oodles of money to figure out this problem. They’ve been doing this as long as there have been spies (forever), and they have armies of very smart people to figure stuff like this out. If the NSA has something, you can bet the Chinese, Russians and a few others have stolen it. That’s a safe bet.
• These entities want something complicated enough to keep others out, but easy enough for them to get into. Your secret is safe with them.
• They are using computer technology that’s at least 30 years advanced over the computer you have, including quantum computers. These computers are at least 10 billion times faster than what you use. If someone says “that’ll take 30 years to crack”, they mean you’ll have to take 30 years to try all the possible keys. With a quantum computer, that’s less than a second. Even Google is now buying quantum computers, this one for $10 million.
• Public domain encryption wouldn’t be allowed into the public unless it was cracked, because they wouldn’t be able to spy on you. They wouldn’t be promoting something as good unless it was easy for them to get into it. They’re spies after all.
What does this mean? If you are trying to avoid the run of the mill hacker, or the high school kid, or a business trying to get confidential info, you’ll probably be OK with RSA and AES, but if you have something that governments or the largest corporations want to know about, you’ll need something much stronger. There are no guarantees that something is “unbreakable”, because eventually, even the strongest encryption succumbs to technology and the human mind. If you have something so important you can’t take any chances (your treasure map!), you probably shouldn’t put it on a computer anywhere.
Keep in mind, encryption is only one piece of the puzzle, a very important one. This provides security for your information while it’s “in transit”. It does nothing to protect your computer and the spying that can take place there. “They quite literally can watch your ideas form as you type,” an unnamed intelligence officer told Barton Gellman and Laura Poitras of the Washington Post. There’s another solution for that problem, a personal firewall.