SBN

Security risks of outdated encryption: Is your data really secure?

Introduction

They say that those who fail to learn history are doomed to repeat it. A salient factor in the defeat of Austria by Prussia in the 1866 Austro-Prussian war was the Prussian army’s standardization of the (then) modern, rapid firing, bolt-action Dreyse needle-gun. In contrast, the Austrian army persisted with the use of outdated (slow-loading) muzzle-loading rifles. And so, Austria was out-gunned, leading to a disastrous battlefield performance. This is an important lesson in not adapting to modern technological improvements and one that is pertinent to encryption applications.

It’s well-known that encryption algorithms rarely stand the test of time. This is partly because such algorithms are devised against a knowledge of the methods of attack and cryptanalysis that either exist or are envisaged at the time the algorithm is written. And so, as novel methods of attack are uncovered, hardware processing speeds increase and cryptanalysis develops, so too do encryption algorithms fall prey to new vulnerabilities.

There are many examples of outdated encryption algorithms, now considered dangerously obsolete. Some common examples are discussed here.

Types of encryption algorithms

An algorithm is only as good as the testing it goes through in the field. It is often that insecurities inherent in an algorithm only become apparent after many years of use. Let’s look at some examples.

Hash algorithms and collision attacks

Hashing is an umbrella term that encompasses methods used to encrypt data in a manner that cannot be reversed. Data passed through a hash algorithm produces a fixed size sequence of bytes, which should be unique for any data input. However, hashing is an insecure method.

Invented in 1991 by the famous cryptographer Ron Rivest, the hash algorithm MD5 was considered secure enough for most cryptographic purposes throughout the early ‘90s. Later, however, it was discovered to be totally (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/LvuPIbIYihY/