Amanda Rousseau
Encryption is the key to our digital privacy. It keeps eavesdroppers from reading your private conversations and checking out which sites you're visiting. It's important enough that iOS and Android will encrypt your entire device just in case it falls into the wrong hands.
But the mass adoption of encryption has also become a thorn in the side of law enforcement and other government agencies. So their reaction has been to develop methods to either crack or circumvent encryption. A good reminder of that strategy was found in a code-breaking project that was accidentally exposed to the open internet. Ironically, the file that were stored on a backup drive connected to an NYU server weren't encrypted.
The Intercept reports a joint project of IBM, NYU and the department of defense called "WindsorGreen" was found by a security researcher looking for open devices on the internet. The program details a system rife with the kind of complex math needed to take down encryption and brute-force passwords. The code-breaking project seems to have been in development between 2005 and 2012 with a suggestion within the documents that it would not be ready until 2014.
While the documents describes an incredibly powerful code-breaking project, according to what hacker and computer researcher Andrew "Bunnie" Huang told The Intercept, if you're using the latest encryption, you don't have anything to worry about. "Even if [WindsorGreen] gave a 100x advantage in cracking strength, it's a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256."
At least when it comes to this venture. Who knows what's currently being developed?
The story is an interesting read and a cautionary tale about being extra diligent when setting up your network and remembering to encrypt everything. And be doubly sure to encrypt your potentially top secret files about cracking encryption.