One of the creators of Secure Socket Layer (SSL) encryption believes that the future of Internet security will see everyday users getting the short end of the stick.
The United States’ National Security Agency (NSA) has likely compromised SSL, one of the foremost methods of Internet encryption. In theory, this gives the organization access to everything from email records to online shopping history for almost all Americans, regardless of whether they are under any kind of governmental suspicion.
SSL is a common method of encrypting sensitive data online. Suppose you buy an item online. You enter your credit card information to pay, and the store receives your credit card information in order to charge you. Protocols like SSL ensure that while the data is en route from you to the vendor, all of your information is encrypted and inaccessible to malicious third parties.
Although cracking SSL encryption is a relatively new advancement, Paul Kocher, president of Cryptography Research, Inc., and one of the minds behind SSL, says that collecting information is nothing new. He believes the NSA has been working for some time to collect as much data as possible from people who would ordinarily be above suspicion.
“The NSA has for years been capturing and storing almost everything imaginable,” he told Tom’s Guide, “including massive amounts of data exchanged among Americans who are not suspected of any crime.”
Although SSL is one of the most common methods of encryption on the Internet, it is by no means the only one. Systems that employ longer encryption keys than SSL’s, for example, will prove tougher for the NSA to crack. Even so, better encryption will only hold out for so long, Kocher argued.
“Cryptographic improvements … may rein in some of the most indiscriminate collection of data, but the horrible state of endpoint security will prevent this from making much of a difference for end users on the Web,” Kocher said.
Read More: Here