Skip to content

OPLIN 4cast #498: Future-proofing website privacy

Posted in 4cast

cryptographyFor the last couple of years, Google has been encouraging websites to use the HTTPS protocol to secure the traffic between the website and the website user. As of this writing, about half of the OPLIN Dynamic Website Kits have been converted to HTTPS, meaning any searches or entries people do on those websites and any data sent by the website to a user is encrypted to prevent eavesdropping. This encryption requires that the computer receiving the data have a valid “key” that pairs with a key held by the sending computer. These keys are too complex for current eavesdropping computers to be able to guess, which would make it possible to decrypt the data. But Google is beginning to worry about future computers.

  • HTTPS crypto’s days are numbered. Here’s how Google wants to save it (Ars Technica | Dan Goodin)  “Virtually all forms of public key encryption in use today are secured by math problems that are so hard that they take millennia for normal computers to solve. In a world with quantum computers, the same problems take seconds to solve. No one knows precisely when this potential doomsday scenario will occur. Forecasts call for anywhere from 20 to 100 years. But one thing is certain: once working quantum computers are a reality, they will be able to decrypt virtually all of today’s HTTPS communications. Even more unnerving, eavesdroppers who have stashed away decades’ worth of encrypted Internet traffic would suddenly have a way to decrypt all of it.”
  • Google tests new crypto in Chrome to fend off quantum attacks (Wired | Andy Greenberg)  So while a traditional computer might have to cycle through enormous numbers of possible keys, trying one at a time before it randomly guesses the key that decrypts an encrypted message, a quantum computer can try vast swathes of possible keys essentially simultaneously, collapsing those simultaneous states into one fixed state only after cracking a scrambled message. And that can mean the difference between deciphering a message in minutes or in millennia.”
  • Google is already fighting hackers from the future with post-quantum cryptography (Mashable | Stan Schroeder)  Google is using it [the ‘New Hope’ cryptography algorithm] on top of the existing crypto algorithm, in case New Hope turns out to be breakable with today’s computers. You read that right: The post-quantum algorithm protects you from hackers from the future, but it might be vulnerable against today’s machines. Conversely, the elliptic-curve algorithm Google is normally using might be worthless against future’s quantum computers, but it’s the best option against the computers of today.”
  • Google is working to safeguard Chrome from quantum computers (The Verge | Nick Statt)  The plan is not to create a standard for others to adopt, but to gather information and experience on how to deploy post-quantum cryptography. So Google will discontinue the use of New Hope within two years, hopefully by replacing it with something better, the company says.”

Articles from Ohio Web Library: