Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
because a product comes from a well-known brand name doesn’t mean it is
secure. In fact we should be waryy of popular brand names because theyy mayy
lure us into a false sense of securityy. You shouldn’t take the vendor at its
word.
Back in the 1990s, when I needed to encryypt myy Windows 95 laptop, I
chose a now discontinued utilityy product from Norton called Norton
Diskreet. Peter Norton is a genius. His first computer utilityy automated the
process of undeleting a file. He went on to create a lot of great syystem
utilities back in the 1980s, at a time when few people could understand a
command prompt. But then he sold the companyy to Syymantec, and someone
else started writing the software in his name.
At the time I acquired Diskreet, a product that is no longer available, 56-
bit DES encryyption (DES stands for “data encryyption standard”) was a big
deal. It was the strongest encryyption yyou could hope for. To give yyou some
context, todayy we use AES 256-bit encryyption (AES stands for “advanced
encryyption standard”). Each added bit of encryyption adds exponentiallyy
more encryyption keyys and therefore more securityy. DES 56-bit encryyption
was considered state-of-the-art secure until it was cracked in 1998. 8
Anyywayy, I wanted to see whether the Diskreet program was robust
enough to hide myy data. I also wanted to challenge the FBI if theyy ever
seized myy computer. After purchasing the program I hacked into Syymantec
and located the program’s source code. 9 After I analyyzed what it did and
how it did it, I discovered that Diskreet onlyy used thirtyy bits of the 56-bit
keyy—the rest was just padding with zeros. 10 That’s even less secure than
the fortyy bits that was allowed to be exported outside the United States.
What that meant in practical terms was that someone—the NSA, law
enforcement, or an enemyy with a veryy fast computer—could crack the
Diskreet product much more easilyy than advertised, since it didn’t reallyy use
56-bit encryyption at all. Yet the companyy was marketing the product as
having 56-bit encryyption. I decided to use something else instead.
How would the public know this? Theyy wouldn’t.
Although social networks such as Facebook, Snapchat, and Instagram rank
at the top when it comes to popularityy among teens, text messaging reigns
supreme overall, according to data supplied byy Niche.com. 11 A recent studyy