The Science of Concealment; The Art of Guessing
Ever since technology became "cool", there’s been a fairly steady increase in the amount of technical details that make their way into popular literature. For example, encryption, hackers, firewalls, and biometrics have all played prominent roles in at least a few of the best-selling works of fiction of our day. An interesting side-effect of this trend is the fact the veracity of these technical details depends directly on the technological competence of the work’s author. And as a general rule, writers of popular fiction are technologically incompetent.
One of the latest technical absurdities to catch my interest is one involving unbreakable encryption. The plot generally centers around the discovery on an encryption scheme so perfect that no one, not even the most powerful organization in the world, can break it. The implications of such a discovery are, of course, so potentially devastating to the intelligence operations of <insert powerful organization here>, that they focus all their efforts on destroying/containing the technology by any means necessary–usually involving a whole lot of chasing, explosions, and the demonstration of just how powerful this given organization is. As expected, gratuitous action ensues.
Of course, with a little technical knowledge on the subject, you’d realize such a scenario is virtually impossible, but not for the reason you might originally suspect. No, it’s not impossible to create an unbreakable encryption scheme. Quite the contrary, actually. Such encryption codes already exist. In fact, unbreakable encryption is the really the foundation of internet commerce. The tools are available and within the reach of any computer-using individual to encrypt a secret so completely that not even the most powerful organizations in the world could get to it.
Over the past 20 years, the science of encryption has evolved to the point that for an encryption scheme to be considered "strong", it has to not only withstand everyday use, but it also has to withstand any theoretical attack from a mathematical perspective. In other words, it’s has to be proven unbreakable in theory, not just in in practice.
The gory details of such a process are fairly uninteresting. But the implications are this: If an encryption scheme is a house, then an unbreakable scheme is one such that the easiest method of entry is always the front door–no matter how heavily guarded it may be. That is to say, the easiest way of decoding your secret document would have to be guessing your password, no matter how difficult that task me be. While theorists don’t like to say "unbreakable" or "impossible", Modern "strong" encryption is so difficult to break that doing so would require more energy than exists in the universe.
Suddenly, password guessing becomes a very attractive option.
And that’s exactly how they do it–when the government seizes the computer of a suspected criminal, they employ a huge network of their own computers to attempt to guess the passwords on any encrypted documents. They optimize their search by building a dictionary of words to try from the other files on the victim’s computer. The idea is that most people aren’t too adept at remembering passwords, so chances are you wrote it down somewhere.
Asymmetric encryption (also known as public-key cryptography), uses one password to encode a secret, and another one to decode it. This makes the CIA’s job all the more difficult. When you log on to your bank’s website, the computers encrypt the transmission without asking you for an encryption password (not to be confused with your account password). What is actually happening is your computer is picking a temporary password for that session–a random number, usually between 0 and 21024 (about 1 centillion, or around 1 googol3), which is a large and fairly unguessable number by any standard. Through the beauty of asymmetric encryption, you temporary password is never sent to anyone–not even the bank–and it is destroyed once you’re done with it.
Unbreakable? Yeah, you could say that.