Among the revelations brought to light by Edward Snowden (the ex-NSA contractor who leaked secret documents to the press), the idea that the NSA might be able to break most cryptographic codes protecting the Internet traffic stands as terrifying.

Whenever you visit a secured website such as Amazon, the connection is based on TLS/SSL (Transport Layer Security / Secure Socket Layer), an Internet protocol which encrypts any data exchanged between your computer and the server.

The entire security of this model is based on public-key cryptography: instead of using the same secret key to encrypt then decrypt your data (which brings the issue of securely sharing the secret key), two keys are used, one private and one public. Whereas your private key must remain secret, the public key may be safely shared.

This in turn is made possible by clever mathematics involving prime numbers. In short, the strength of public-key cryptography relies on the fact that it is easy to multiply large prime numbers A and B and get a result C, but really hard to guess A and B from C only (a task called* *Prime Factorization).

Well, this is what we thought so far. The thing is, even though Prime Factorization has been really slow to execute so far, there is no mathematical proof that it must be the case. It might just be that we haven’t found a way to do it quickly yet.

The NSA and its army of mathematicians may well have found a shortcut in the mathematics involved. And if that is the case, they would be able to easily decrypt the entire Internet traffic.

Terrifying indeed.

Resources

http://www.economist.com/blogs/babbage/2013/09/breaking-cryptography

http://www.wired.com/threatlevel/2013/08/black-budget/

http://en.wikipedia.org/wiki/Public-key_cryptography

http://en.wikipedia.org/wiki/SSL

### Like this:

Like Loading...

*Related*

If the NSA can so easily decrypt anything that flows through Internet traffic, that is a little unsettling. Well, seeing as they have probably been able to do this for a long time and I haven’t been intruded upon yet (as far as I know), it may not be too much of a concern. But just the fact that they have the capability to gain every piece of information about anyone gives me an uneasy feeling.

Yes, for most people I guess it’s not a big deal. But some stories have popped up about the NSA abusing this to spy on some companies for no apparent security reason, just plain old industrial espionage. For example : http://www.reuters.com/article/2013/09/09/us-usa-security-snowden-petrobras-idUSBRE98817N20130909