It seems as though everywhere you turn lately, another story breaks revealing information about PRISM and Edward Snowden. And it just keeps coming. Snowden’s latest disclosure builds on the story: not only has the NSA partnered with cloud service providers to bypass encryption and access data on their international clients, but it has also ‘cracked much online encryption.’ What does this mean for your security team? Should you quit using encryption?
The short (and long) answer is NO.
Interestingly, Snowden himself commented that strong encryption cannot be decoded by the NSA. During an online chat, he was quoted by the Guardian as saying, "Encryption works. Properly implemented strong crypto systems are one of the few things you can rely on."
While the details of the NSA’s actual technical capabilities are still murky, Snowden’s recent revelations indicate the NSA has used a combination of endpoint security weaknesses, direct access granted by service providers, and potentially some mathematics to ‘crack’ the encryption used in SSL – the primary protocol used for internet communications. But does this mean they can crack all encryption? No – or at least, not yet.