Encryption has long been upheld as the gold standard for data protection. Enterprises apply cryptography to encode high-value information, so only authorized users can access it. Simply put, when encryption is applied to protect communications, the message is scrambled, so unauthorized users can't intercept it. Only authorized users with the right keys can unlock and unscramble the message.
Hackers hit back
Unfortunately, as with virtually every other IT security mechanism, hackers have found ways to crack cryptocodes, breaching what is commonly thought of as fail-safe protection.
While encryption codes can be difficult to crack, increasingly sophisticated cybercriminals are applying technology to accelerate the process. Armed with reverse-engineering tools, hackers can file through billions of key combinations in seconds. Increasingly, hackers also file away encrypted messages to crack later.
Perfect forward secrecy and other techniques
When hackers steal the private keys, they can unlock data from both future and past encrypted sessions. Cryptographers came up with a scheme to safeguard past-session data in the 1990s, but it was not widely implemented until well after the turn of this century.
That scheme, perfect forward secrecy (PFS), uses a mechanism to create a new key every time a user sends a new instant message. Today, it's primarily used to secure data communications in messaging apps, but its use is not widespread in other areas of web communications. Though every current browser can initiate a PFS session, many HTTP sites aren't compatible.
Perfect forward secrecy support on a site can be tested with tools. Users can also apply other good practices to avoid future issues, such as deleting decrypted messages or moving them to a more secure device.
Double ratchet, meanwhile, underpins secure mobile messaging apps like Wickr and Signal. It uses a new encryption key for every individual message, even if the message is part of a string between two individuals.
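The per-message keying described above can be sketched as a key-derivation chain. This is an added example, not code from Signal, Wickr or the original article: it covers only the symmetric half of double ratchet (the Diffie-Hellman half that periodically replaces the chain key is left out), uses the HMAC-SHA256 constants 0x01 and 0x02 recommended in the published Double Ratchet specification, and all function names and the shared secret are constructed for illustration.

```python
import hashlib
import hmac


def kdf_chain_step(chain_key):
    """Advance the chain one step and return (next_chain_key, message_key)."""
    # Distinct constants keep the two outputs independent of each other.
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    """Holds only the current chain key; older keys are overwritten."""

    def __init__(self, initial_chain_key):
        self._chain_key = initial_chain_key

    def next_message_key(self):
        self._chain_key, message_key = kdf_chain_step(self._chain_key)
        return message_key

    def snapshot(self):
        """State an intruder would capture if the device were compromised now."""
        return self._chain_key


def keys_derivable_from(chain_key, count):
    """Message keys that follow from a captured chain key."""
    keys = []
    for _ in range(count):
        chain_key, message_key = kdf_chain_step(chain_key)
        keys.append(message_key)
    return keys


def demo():
    # Constructed secret; a real session derives this from a key agreement.
    secret = hashlib.sha256(b"constructed shared secret for the demo").digest()
    chain = SendingChain(secret)
    past = [chain.next_message_key() for _ in range(3)]    # already sent
    captured = chain.snapshot()                            # compromise point
    future = [chain.next_message_key() for _ in range(3)]  # sent afterwards
    return past, future, keys_derivable_from(captured, 3)


if __name__ == "__main__":
    past, future, derivable = demo()
    print("past keys exposed by capture:", any(k in derivable for k in past))
    print("later keys exposed by capture:", derivable == future)
```

The captured state yields none of the earlier message keys, which is the forward-secrecy property; later keys stay derivable until the chain key is replaced, which is the job of the omitted Diffie-Hellman step.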
Tools like these will help enterprises ensure their mobile data is protected, but organizations will always have to exercise an abundance of caution when sharing private information -- even when those communications are encrypted.