Paul Rubens reports:
“The solution to government surveillance is to encrypt everything.”
So said Eric Schmidt, Google’s chairman, in response to revelations about the activities of the US National Security Agency (NSA) made by whistle-blower Edward Snowden.
Schmidt’s advice appears to have been heeded by companies that provide internet-based services.
I especially appreciated the following statements in light of a conversation I had recently with a Henry Schein representative about the level of “encryption” their dental software provides:
Using a longer encryption key makes it harder for hackers or governments to crack the encryption, but it also requires more computing power.
But Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says many companies are overestimating the computational complexity of encryption.
“If you have an Apple Mac, your processor spends far more time making OS X looks pretty than it does doing crypto work.”
He therefore recommends using encryption keys that are two or even four times longer than the ones many companies are currently using.
“I say use the strongest cryptography that your hardware and software can support. I guarantee you that the cost of using your available processing power is less than the cost of losing your data because you were too cheap to make the crypto strong enough,” he says.
“No-one ever got fired for having encryption that was too strong.”
Read more on BBC.