Steve Pate
You are previewing premium content. Become an Insider to read the full article.

Regardless of the NSA, you still need encryption

September 12, 2013 6:00 AM EDT

It seems as though everywhere you turn lately, another story breaks revealing information about PRISM and Edward Snowden. And it just keeps coming. Snowden’s latest disclosure builds on the story that not only has the NSA partnered with cloud service providers to bypass encryption and access data on their international clients, but also that they have ‘cracked much online encryption.’ What does this mean for your security team? Should you quit using encryption?

The short (and long) answer is NO.

Interestingly, Snowden himself commented that strong encryption cannot be decoded by the NSA, and he was quoted by the Guardian during an online chat, "Encryption works. Properly implemented strong crypto systems are one of the few things you can rely on."

While the details are still murky regarding the NSA’s actual technical capabilities, Snowden’s recent revelations indicate the NSA has used a combination of endpoint security weaknesses, direct access granted by service providers, and potentially some mathematics to ‘crack’ the encryption used in SSL – the primary algorithm used for internet communications. But does this mean they can crack all encryption? No – or at least, not yet.

To continue reading, register here to become an Insider

It's FREE to join

Learn More

Already an Insider? Sign in