IT - Encryption

Gartner takes a close look at security features, and in particular, the options available in cases where passive mode decryption is a requirement

"In the nearly two years since the IETF ratified the new TLS 1.3 standard for encrypting data, adoption of the standard has ticked up steadily, but many enterprises are still holding off. They fear that this new, strong encryption standard will negatively impact their ability to monitor their own environments for security threats, especially via common passive modes of decryption for traffic analysis..."

To protect communications in a future where quantum computers will be capable of cracking the prime number factoring that is the basis of today's encryption, the National Institute of Standards and Technology has selected 15 promising new approaches to encryption and data protection to form the core of the first post-quantum cryptography standard

"In December 2016, NIST issued a call for new algorithms that would be less susceptible to a quantum computer's attack. Within a year, it had received 69 submissions for replacements for algorithms dealing with public key cryptography for encryption, key establishment and digital signatures.

That initial group was narrowed to 26 in January 2019. Because the future capabilities of quantum computers remain unclear, the 26 candidates were built around multiple mathematical approaches..."


What do governments' abilities to access user data through backdoors and the future of encryption mean for software security/data privacy?

"Encryption technologies are the proverbial double-edged sword. If you ask anyone on the street whether they want their data to be secure from prying eyes, they'll likely answer in the affirmative. If you then ask them how that's accomplished, many will most likely say something along the lines of 'encrypt it'.

This connection is partly a function of how the internet evolved. Early on, there was no encryption for websites. No lock icon and no green address bar. Once the public realized their credit card information used for online purchases was being sent in plain text, businesses were pushed towards encrypting their transactions. Businesses seeking to prove that they were doing the right thing would have FAQ pages outlining the value of HTTPS. This process has been so successful that it's rare to encounter any website that doesn't encrypt its traffic..."

See all Archived IT - Encryption articles See all articles from this issue