A call for stronger key lengths

I remember when a 128-bit SSL certificate meant that my transaction was secure. Now we’re wondering what gaps in the security there may be, even when looking at 4,096 bit encryption!

When we’re talking “key length” – we’re talking about those number of bits we use to “measure” encryption for every day purposes. A key allows you to then decrypt the encrypted data (a file, a picture, a credit card number, etc…). With good security practices the key is not related to the crytographic method used to obscure the data, it is merely what allows you to then decrypt the file. Kind of like how your car key doesn’t actually start the engine, it just triggers the ignition to do the rest for you. A higher “bit value” means there are more possibilities for each key, the integer multiplied by powers of two.

All of that aside, when we talk about something being “4,096 bit” – currently considered highly sophisticated encryption – we’re still only talking about a comparitively small amount of data. CPUs are getting faster by leaps and bounds. Memory is so widely available that sloppy coding has been “Standard Procedure” for over a decade. Storage drives are getting physically smaller, while storing more data than ever before in human history. You can walk in to a store and buy a 3TB hard drive. In the 1980’s, terabytes were still theoretical measurements. So I ask – why are we “settling” for encryption like 4,096 bit? Shor’s algorithm seems to be on path to crack every password and read every encrypted document that you’ve ever created, so why not lock things down tighter.

Google has stepped up encryption plans in response to the NSA news going public, but that is only half of the battle. It is also nothing more than a PR battle – Google knew what was going on, they were the ones who complied. To make a sudden scramble and speed up their implementation is only for show, it’s not like they were as surprised about the leaks as the rest of us. It just irks me that they’re going for brownie points with this stunt, being so public about it.

I believe that everything should be encrypted, all the time. HTTPS shouldn’t be necessary anymore, HTTP should simply exist as a secure platform. As should all of the data stored on your computer, and on the web. After the revelations that these large companies have been buddy buddy with the NSA, it’s safe to assume that things like Microsoft’s “Bitlocker” encryption isn’t enough. We need something better, something open source and publicly verified by many independent voices. And not only that, but something that is strong. If I used 2:1 encryption on every files on my hard drive at work, I would still have a massive amount of free disk space. Computational limitations of encryption are of no concern to nmost people as memory, storage capacity, processing power, and bandwidth get larger and larger. Take my 60GB of data, wrap it with 120GB of fluff, so now I have a total of 180GB sitting on my disk drive. So what, I still have 820+ free gigs of storage!

As encryption gets better, crytographic keys need to become stronger. Eventually we’ll move beyond passphrases and keys, passwords and PINs… voice encryption, retinal scans, and finger print identification… those are possible, and just the tip of the iceberg when it comes to security. Heartbeats, thoughts, even the way we breathe are all being experimented with as methods of identification. But who knows what it will take to ensure our security and privacy in the future.

Maybe the political divide ISN'T as bad as it seems

On this September 11th anniversary, I find myself reflective. It seems like every time I go on Facebook, someone is posting something politically charged. I’m guilty of getting involved in the conversations, myself, but it really does seem rampant. Even outside of election seasons. It’s like it never stops! But I’ve been thinking lately that maybe things aren’t as bad as they seem.

Facebook has allowed everything from rumors to facts to be spread with speed and ease never before seen. Insults fly back and forth just as fast as they did in “chatrooms” over a decade ago. It’s the fact that content doesn’t need to be generated, it can simply be shared, that helps account for the volume of armchair activism we see today. Clicking the like button or the share regurgitates the same message out to hundreds of your friends – no need to fact check or verify, leave that to someone else. It’s on the Internet, someone else must have referenced it – you can’t put it on the internet if it’s not true.

But all jokes aside, maybe things aren’t as bad as we have the impression they are. People are partisan. Even those who try not to be will undoubtedly have a vehement reaction to something, they just haven’t found their hot-button issue, yet. But the reason we think it is worse than it is, is because we are further outside of our comfort zones than we have ever been as a society. It’s not just 24 hours news networks. It’s not just access to websites that will always promote “your point of view” (this is the Internet, SOMEONE out there will agree with you, no matter what your views are). It’s the fact that we are suddenly “friends” with people we don’t see eye to eye with. Your “Facebook friends” aren’t like your “real life” friends. They are people you went to high school with, people you’ve worked with, people you went to college with. Some of them are friends of friends, or people you know from an organization or met at an event. Fifteen years ago, you would surround yourself with likeminded friends, the people you knew in high school or college and actually spent time with them. If someone drove you crazy, you would slowly weed them out of your day-to-day life, and just have polite conversations here and there. But here in 2013, you don’t want to “unfriend” someone because they could be offended – or if you’re stubborn, you certainly wouldn’t want to give them the impression that they “won” some kind of argument on the Internet!

I’m trying, very hard, to not have the same grim outlook that Jeff Jarvis has today. Maybe the political divide isn’t as bad as we think it is. Maybe we’re just finally seeing it for what it is. Maybe we’re finally able to see more than our own side. And maybe that’s a good thing.

Why an iPhone 5C could be a bad idea

photo credit: Sonny Dickson

Today, I expect Apple to make a mistake. Now, I could be wrong, but here is my brief prediction for today’s press conference.

Apple will announce the new iPhone “5S” – faster than the iPhone 5, 128 GB of storage, and available in traditional white, black, and the new Champagne Gold. Distinct from that will be the iPhone “5C” – a phone nearly identical to the current iPhone 5, but available in a variety of new colors, similar to the old iPod lineup. A rainbow of color available, but on an underwhelmingly basic phone.

Why this is a mistake: Apple is simply leaving money on the table. While I have no doubt that people who already own the iPhone 5 would drop everything just to have a green or blue or pink iPhone 5 (and thus Apple is still going to make money) those same people would also love to have the “upgraded” and higher performing “5S” type model. But the 5S, I believe, is going to remain exclusive, and only be available in one new color – so that the elite status of the iPhone 5S owner can be shown off.

Others have made similar predictions, but I seem to be the only one out there who thinks this is a terrible idea on Apple’s part. Microsoft just picked up Nokia and is going to start gaining steam. Google already has the Motorola team and is working on future Nexus devices. Competition is heating up, and the iOS7 announcement didn’t seem to really “do the trick” for a lot of people. Apple’s responsibility to its shareholders is to profit as much as possible. The person who wants a cool color can also be the person who wants a faster phone. Again, my prediction is that the 5C will be more budget priced and the specs will be nearly identical to the existing iPhone 5, but the “5S” that is likely to launch with the new champagne gold color I expect to add a little bit of CPU performance, possibly even 128GB of storage, because, why not? So will Apple actually make this mistake? Or am I off base and all of the speeds, and sizes, and color options will be available to all buyers? We’ll find out. But I’ll tell you one thing: I expect sales of clear iPhone cases to rise!

Nintendo needs to make a Cloud-Based Console

I would be down with the “N Cloud,” wouldn’t you? Okay, I know, I just made the term up – but the answer is obviously a resounding “yes.” Let me explain why I, and just about everyone I know, would jump at the opportunity to have Nintendo provide this service; when I say “just about everyone” – I’m even including Nintendo, themselves. Consider this an open letter to Nintendo: my proposal for the “N Cloud” service.

This console would be “always online” and designed to play the classics. It shouldn’t need to “stream” the games’ visuals, in the same way that the OnLive service does. But the games, and thus, your save states, could reside in the cloud, and be downloaded as needed. The service should offer the entire back catalog of Nintendo games. And I mean entire. Some games will take a while to come, because they haven’t been officially made available as online content before. But if it’s easy enough for a pirate on the Internet to get a ROM of the game, Nintendo has little to no excuse to not be making money from the title.

Nintendo could offer a select few games for free with a monthly membership – games that you’ll always have access to for just a base fee. Then they could rotate additional “free games of the month” throughout the year. You could unlock permanent access to a game for a one time fee of about $10. Nintendo not only has a huge catalog of first party games people know, love, and remember, but they should be able to easily get their lawyers to find a loophole allowing them to release nearly every single Nintendo, Super Nintendo, and Nintendo 64 game that ever existed. Remember, when it came to gaming’s earliest days, publishers didn’t just make games for the console, but the games were actually Licensed by Nintendo of America to appear on the console. They should be able to have the rights to a huge number of games.

The benefit to having your save in the cloud is obvious: how many times have you gotten the 101% in Donkey Kong Country, or all 120 stars in Super Mario 64 or unlocked all of the tracks in Mario Kart 64? Don’t lie. If you’re reading this article? More than twice. For each of those things. So why not have your progress always available, along with certain newer benefits that emulator-gamers have gotten used to, like Save States (save your game at any instant), or the ability to adjust the game’s speed.

The hardware would be inexpensive (it could be done on the Wii U, if they really wanted to). As a stand alone console, a follow-up to the Wii U, it might be wise to have a low-cost, high-profit margin option available to consumers, to rebuild the brand. Gamers have clammored for a service like this for years, and have taken to doing it illegally. Why it is still taking this long for Nintendo (and many other companies) to trickle out their “classics” line ups just a few at a time is beyond me. Where there’s a black-market, there’s a market waiting to be tapped.