The quest for an unhackable code
http://money.cnn.com/2011/09/02/technology/unhackable_code/index.htm?source=cnn_bin&hpt=hp_bn5
I started to study cryptography quite a few years ago (more than 15) and very quickly came to the realization that ‘unbreakable’ codes are meaningless because it is so trivial to hack the rest of the system. Why bother spending billions on a farm of super computers when you can break into the target’s room and place a camera where it can watch the keyboard (presuming, naturally, you can’t just install a key logger remotely)? Even if it takes only a week to break encryption, why wait a week when you can be ‘breaking’ the code at the same speed the recipient is? On top of all this, it is well accepted in the cryptography community that any ‘unbreakable’ algorithm needs to be publicly available for people to analyze and the true number of people competent enough to meaningfully analyze such algorithms is tiny, probably in the dozens, certainly less than hundreds, and without them spending a few years trying to find weaknesses, any claims of ‘unbreakability’ are total hogwash. I am willing to put money that the guys mentioned in the article are amateur cryptographers and likely their algorithm has at least one hole large enough to drive a truck through. And, of course, as mentioned above, even in the unlikely event it really was unbreakable (whatever that means), it is no more secure than triple DES, let alone AES or any of the other accepted algorithms because of the silly-assed humans operating either end of the clear text.
I have argued with several people obsessed about quantum cryptography and what a waste of time I think it is. First and most critical, presuming the mere interception of the communication stream means the message can’t be decrypted (which is what I believe gets people so excited), then I already control your ability to send messages since I can deny you access to any message as long as I have access to it, which, naturally, means you are limited to secure communication channels to begin with making the whole point of the communication channel irrelevant. Second, no less than above, if I can easily (trivially) snoop the plain text at either end, then the strength of the cryptography is totally irrelevant.
I guess the article goes to show the depth of ignorance of the media that cover such topics. Anyone who understands the subject would realize there is no news here, nothing the slightest bit interesting.
