A call for stronger key lengths

I remember when a 128-bit SSL certificate meant that my transaction was secure. Now we’re wondering what gaps in the security there may be, even when looking at 4,096 bit encryption!

When we’re talking “key length” – we’re talking about those number of bits we use to “measure” encryption for every day purposes. A key allows you to then decrypt the encrypted data (a file, a picture, a credit card number, etc…). With good security practices the key is not related to the crytographic method used to obscure the data, it is merely what allows you to then decrypt the file. Kind of like how your car key doesn’t actually start the engine, it just triggers the ignition to do the rest for you. A higher “bit value” means there are more possibilities for each key, the integer multiplied by powers of two.

All of that aside, when we talk about something being “4,096 bit” – currently considered highly sophisticated encryption – we’re still only talking about a comparitively small amount of data. CPUs are getting faster by leaps and bounds. Memory is so widely available that sloppy coding has been “Standard Procedure” for over a decade. Storage drives are getting physically smaller, while storing more data than ever before in human history. You can walk in to a store and buy a 3TB hard drive. In the 1980’s, terabytes were still theoretical measurements. So I ask – why are we “settling” for encryption like 4,096 bit? Shor’s algorithm seems to be on path to crack every password and read every encrypted document that you’ve ever created, so why not lock things down tighter.

Google has stepped up encryption plans in response to the NSA news going public, but that is only half of the battle. It is also nothing more than a PR battle – Google knew what was going on, they were the ones who complied. To make a sudden scramble and speed up their implementation is only for show, it’s not like they were as surprised about the leaks as the rest of us. It just irks me that they’re going for brownie points with this stunt, being so public about it.

I believe that everything should be encrypted, all the time. HTTPS shouldn’t be necessary anymore, HTTP should simply exist as a secure platform. As should all of the data stored on your computer, and on the web. After the revelations that these large companies have been buddy buddy with the NSA, it’s safe to assume that things like Microsoft’s “Bitlocker” encryption isn’t enough. We need something better, something open source and publicly verified by many independent voices. And not only that, but something that is strong. If I used 2:1 encryption on every files on my hard drive at work, I would still have a massive amount of free disk space. Computational limitations of encryption are of no concern to nmost people as memory, storage capacity, processing power, and bandwidth get larger and larger. Take my 60GB of data, wrap it with 120GB of fluff, so now I have a total of 180GB sitting on my disk drive. So what, I still have 820+ free gigs of storage!

As encryption gets better, crytographic keys need to become stronger. Eventually we’ll move beyond passphrases and keys, passwords and PINs… voice encryption, retinal scans, and finger print identification… those are possible, and just the tip of the iceberg when it comes to security. Heartbeats, thoughts, even the way we breathe are all being experimented with as methods of identification. But who knows what it will take to ensure our security and privacy in the future.

Why an iPhone 5C could be a bad idea


photo credit: Sonny Dickson

Today, I expect Apple to make a mistake. Now, I could be wrong, but here is my brief prediction for today’s press conference.

Apple will announce the new iPhone “5S” – faster than the iPhone 5, 128 GB of storage, and available in traditional white, black, and the new Champagne Gold. Distinct from that will be the iPhone “5C” – a phone nearly identical to the current iPhone 5, but available in a variety of new colors, similar to the old iPod lineup. A rainbow of color available, but on an underwhelmingly basic phone.

Why this is a mistake: Apple is simply leaving money on the table. While I have no doubt that people who already own the iPhone 5 would drop everything just to have a green or blue or pink iPhone 5 (and thus Apple is still going to make money) those same people would also love to have the “upgraded” and higher performing “5S” type model. But the 5S, I believe, is going to remain exclusive, and only be available in one new color – so that the elite status of the iPhone 5S owner can be shown off.

Others have made similar predictions, but I seem to be the only one out there who thinks this is a terrible idea on Apple’s part. Microsoft just picked up Nokia and is going to start gaining steam. Google already has the Motorola team and is working on future Nexus devices. Competition is heating up, and the iOS7 announcement didn’t seem to really “do the trick” for a lot of people. Apple’s responsibility to its shareholders is to profit as much as possible. The person who wants a cool color can also be the person who wants a faster phone. Again, my prediction is that the 5C will be more budget priced and the specs will be nearly identical to the existing iPhone 5, but the “5S” that is likely to launch with the new champagne gold color I expect to add a little bit of CPU performance, possibly even 128GB of storage, because, why not? So will Apple actually make this mistake? Or am I off base and all of the speeds, and sizes, and color options will be available to all buyers? We’ll find out. But I’ll tell you one thing: I expect sales of clear iPhone cases to rise!

How to move away from x86 and into the future

I recently read an interesting take on Why Intel can’t kill x86. Even video game console manufacturers are encountering the same issues. The solution I’m about to propose must have been proposed a hundred times over, but I think now is a good time to revisit it. Virtualization and emulation. Let me explain. Continue reading “How to move away from x86 and into the future”