When is High-grade Encryption Not High Grade — When it’s ECB!

When It’s Easy to Crack Crypto …


Introduction

Encryption is one of the most fundamental building blocks in security. It focuses on keeping data private from those who have no right to it, along with proving identity and the integrity of a message. Unfortunately, it is one of the least understood areas within computing. The reason is a lack of understanding of the high-level requirements for encryption, with privacy often left entirely to the cryptographic algorithm. This is worrying, as systems can be compromised by using a weak password to generate an encryption key.

So users can think they have a strong method of encryption when it is actually weakened by a basic part of the process. For example, if Bob selects a user password of “Bob” to generate or protect his encryption key, there’s a good chance that Eve will be able to guess this and discover his key. So Bob thinks he is safe, as he has been sold an encryption system which is “industry strength” AES 256-bit encryption, but actually he has as much security as a basic Caesar code would give him.
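The following is an added example, not code from the original article, that puts numbers on Bob's situation: the derived key is always 256 bits long, but it is never stronger than the password behind it. The PBKDF2 settings, the salt, the guess list and all function names are assumptions made for this illustration.

```python
import hashlib
import math
import string

KEY_BITS = 256              # AES-256 key size named in the article
ITERATIONS = 100_000        # assumed PBKDF2 work factor for this example
SALT = b"constructed-salt"  # constructed; normally stored beside the ciphertext


def derive_key(password: str, salt: bytes = SALT) -> bytes:
    """Stretch a password into a 32-byte AES-256 key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               ITERATIONS, KEY_BITS // 8)


def max_password_bits(password: str) -> float:
    """Upper bound on the search space, from length and character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def effective_key_bits(password: str) -> float:
    """A derived key is never stronger than the secret it is derived from."""
    return min(KEY_BITS, max_password_bits(password))


def key_is_guessable(password: str, candidates: list[str]) -> bool:
    """True when the salt plus a list of guesses is enough to reproduce the key."""
    target = derive_key(password)
    return any(derive_key(guess) == target for guess in candidates)


if __name__ == "__main__":
    names = ["Alice", "Bob", "Carol", "Eve"]  # constructed guess list
    for pw in ("Bob", "maple-anchor-violet-thunder-cobalt-92"):
        print(f"{pw!r}: key length {len(derive_key(pw)) * 8} bits, "
              f"strength at most {effective_key_bits(pw):.1f} bits, "
              f"reproduced from 4 guesses: {key_is_guessable(pw, names)}")
```

The bit count is only an upper bound: a name or dictionary word such as “Bob” is far easier to guess than a random string of the same length.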

How might Eve Crack my Encryption?


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.