Passwords And Encryption

The old native state of stored data (and even data nowadays on unencrypted drives) was creating a sensitive situation for government computers.  This is where the boost of encryption really got underway as more and more connectivity was gained between computer systems and more security was needed to prevent hacking situations.

It’s a very interesting thing to read about, and as you’ll be able to tell, we’ve certainly come a long way in terms of computer security.  Check out this excerpt from the 1980’s and how encryption was just starting to get used on a larger basis.


“Password Weaknesses

The principal difficulty with that type of system control is that once access to a user’s password combination has been gained, all the information stored under that indentification is available. There are no intermediate firewalls of protection for storing particularly valuable information or for storing each valuable piece separately.

Present means for securing communications between systems are either non-existent or involve point-to-point link level encryption. While the Data Encryption Standard (DES) can encrypt and decrypt data on a point-to-point basis, the native state of stored data is plain text and not cypher text.

The integrity of the system’s administration must be trusted to present plain text to the link-level communication wire where encryption can be performed.

That communication has the drawback of requiring absolute identification of the transmitter.

At certain times in a point-to-point communication, it is possible for an intruder to masquerade as the transmitting authority, implicitly validating the transmitted data while preserving the opportunity to copy or modify what is to be sent.

Encrypted Storage

The only practical solution is to encrypt data as it is initially stored. Using different encryption keys allows a user to subdivide information in a finer granularity, so that access to one piece of data does not mean access to all pieces.

Data is transmitted in cypher text in all of its local forms and when sent to remote locations. Only through the use of a decryption key under the explicit control of the original encryptor of the data does clear text become available to anyone.

Public key encryption offers additional benefits that make end-to-end encryption attractive. In public key systems, two keys are created, one of which is kept secret and the other made publicly available. Either key may encrypt or decrypt data.

If one key is used to encrypt data, only the corresponding opposite key may be used to decrypt the data. By encrypting data with the private key in the first place, the data is digitally “signed.” Because only the corresponding public key can decrypt the data, the original encryption operator can be precisely identified.

Service industries such as financial, legal and medical institutions where confidentiality of data is a top priority have found the public key encryption process advantageous. Because different service elements can encrypt different data for different users by their public keys, only the private keys available to each user can successfully produce plain text.

No systems in general use provide that kind of integrated data encrypt/decrypt tools. Public key systems suffer from a large computation requirement to encrypt or decrypt data. A tool with large computation capabilities needs to be made available on a variety of different vendors’ equipment.

It is the system designer’s responsibility to provide the tools to secure data within a system. One way is with end-to-end encryption. The designer must face its processing overheads, particularly with public key methods.”

Holmgren, Steven F. “Combined effort is needed to combat data tampering.” Government Computer News 17 July 1987: 76+.

Bill Gordon of We Hate Malware has written at length about spyware, malware, and other computer threats.  He believes that a quantum state of data storage is what is next for the next level of security, especially as quantum computers of the future will be able to break present-day encryption standards in a matter of seconds.

It’s a very interesting field and one where the security arms race is just heating up!