Boston IT Security Experts Discuss WikiLeaks Encryption and Data Security

Brian St. Marie - Sr. Systems Engineer

WikiLeaks has been in the news quite a bit lately, as has their founder’s “insurance” file, an encrypted document which the founder threatens to have decrypted if anything happens to him.  Today, CNN posted an article discussing the security of this file.  Their expert source, Hemu Nigam, is quoted as follows:

"Most of the time, you see a 56-[bit]key encryption. That's considered secure. When you are using 256, you are sending a message: 'I'm smart enough to know that you will try to get in.'"

Unfortunately, Mr. Nigam is way off or CNN drastically misquoted him.  The 56-bit encryption Mr. Nigam is referring to is the Data Encryption Standard (DES) developed in the 1970s and widely used until the early 1990s.  However, the encryption was successfully cracked first in 1999 and can now be cracked, on average, in less than a day.  It hasn’t been considered secure for many, many years and was replaced first by Triple DES (3DES) in the 1990s, and more recently by the Advanced Encryption Standard (AES) in 2002.  3DES typically uses a 168 bit key, but is much less commonly used these days.  AES, which is the most common encryption algorithm in use, typically uses a 256 bit key, which is exactly what was used to encrypt the WikiLeaks file.  This is the same encryption any user could expect from Windows Encrypted File System in Microsoft Windows Vista or Windows 7, or Symantec Backup Exec System Recovery encrypted backups.  In fact, it’s relatively easy to configure most products to use even 512 bit AES encryption, with relatively little impact on performance.

What this means is that if you use encryption in your business or even at home, you too are likely enjoying the same high level of security as WikiLeaks; the same security that has many of the largest governments in the world spinning in circles with no way to access any of the information for at least the next several decades.  That’s not bad insurance for anyone!

If you’re concerned about your data’s security or curious about how to improve it, feel free to Contact Us for a security consultation.