Fake News? — No, just fake encryption!

Security_Guest Absent Member.

Guest post by Phil Smith III, distinguished technologist and Senior Architect & Product Manager, Mainframe & Enterprise, at Micro Focus.

Reading a thriller by a well-known author this weekend, I was stopped cold by this gem: “They were encrypted with duodecimal algorithms. Virtually unbreakable”.

As opposed to, say, AES (even 128-bit)? According to Wikipedia, the Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Just to be sure, I asked one of our big-brain crypto guys, who promptly replied, “The duodecimal system isn't quite as useful as the Esperanto language. Perhaps not even close to being as useful as Esperanto.”

It’s easy to dismiss the book as popular fiction, but the author is known for being careful technically. My suspicion (or at least hope) is that he knows better, but figured that after seeing one too many episodes of CSI: Cyber, too much of his readership would expect a simple bit of jiggery-pokery to be able to decrypt the messages if they used “normal” encryption. Since keeping message contents out of reach of police was necessary to the plot, he made up this technology.

It’s a sad state of affairs when something like this seems necessary. Further to my previous post on educating folks about security, it’s disturbing to find that people think popular media is more accurate than experts.

If you’re interested in understanding why AES is not “crackable” in any realistic way, check out this nine-minute clip of former Voltage CTO Terence Spies explaining just how hard the brute-force attack that most people worry about would be.

And if you’re wondering about the duodecimal system, aka “dozenal”, this page is interesting, although its goals are wildly unrealistic. Much like adopting Esperanto, or a ten-day week, or even the metric system, this is definitely an area that computers have not simplified. When countries went metric in the twentieth century, things like weight scales could be adapted by applying a sticker, or even using a separate conversion table. Now, so much software and automation are dependent on the old system of measures that changing seems impractical.

So we’re stuck with Imperial measurements. And, for the time being, with AES—which is not a liability, as it remains a stalwart in the battle against attackers!
