Tuesday, 27 October 2015

Trust me, I'm an expert

According to the Barbara Speed (a technology and digital culture writer) writing for the New Statesman (a free online blog), I'm a "computer security expert". I don't know where she got that idea from - I don't remember claiming such a thing, at least, not recently. Although I do have a collection of Caro t-shirts that say "Trust me, I'm a computer security expert", which is, in case any literalists are reading this, meant to be ironic. When people ask me, I tell them that I'm a programmer. Still, it's nice of Barbara to give me that kudos.

It would seem that my blog post pointing out that "whether the TalkTalk data was encrypted or not isn't as important as the media seem to think", was noticed by Graham Cluley (author of Wibbling Wilf and many other fine games, and former programmer for the Windows user interface of Dr Solomon's Antivirus Toolkit) and reposted in his blog (with my permission, of course), and I'm guessing that Barbara picked it up from there, because she probably isn't among the small but select band that regularly read my essays. Although maybe she will be in future, because I often make posts that could be parlayed by the Big Media into clickbait. And maybe she did get it direct from me, because if she'd got it from Graham, it would have been nice for her to have said so, and she didn't say so.

Anyhow. Barbara does make one mistake - "encrypted data, is, by definition, more secure than non-encrypted infromation". That's not true. It isn't less secure, but it isn't necessarily more secure. Here's an example, taken from a data recovery that I did 25 years ago.

This was a situation where the hard disk had died, and the backup, on tape, wouldn't restore using the bundled software. However, I was able to read the tape, and dump the contents of the tape to a long file. Then I looked at the file, and it was obvious that it was encrypted. It was obvious, because nothing made sense. So I contacted the tape vendor to ask for the encryption algorithm and key. They refused - you can't really blame them. Although I suspect they refused because they simply didn't know.

So I looked at the contents of the file more carefully, and I immediately noticed that there were long sequences of hex 5A bytes. This must mean that this was encrypting long sequences of the same byte, and that the encryption must be so simple that it doesn't change from byte to byte. And if you've been doing data recovery for a while, you know that the commonest byte with long sequences, is 00. So if 00 encrypted to 5A, that probably meant that their encryption consisted of an XOR with 5A. Or, to put it another way, one glance that the contents of the file was sufficient to break the "encryption", and you can see why I put "encryption" in quotes. And I was right, and my customer got all his data back.

Encrypted data is not necessarily more secure than non-encrypted infromation.

No comments:

Post a Comment