Welcome to our fully functional beta site. We welcome all comments
informed!
The Informatica blog - Authored by Claudiu Popa

Of secrets and bleeding hearts: How far have we really come?

Enigma Machine - Photo by Claudiu PopaIn the early 1920s, the Enigma machine was a portable encryption machine with rotor scramblers used for encoding and decoding confidential messages. Since German electrical engineer Arthur Scherbius (1878-1929) invented it at the end of World War I it was progressively developed over the decades to use additional rotors that vastly increased the difficulty of cracking its codes.
 
For much of the first half of the 20th century, the Enigma Machine played a key role in protecting secret communications between warring parties. Governments allocated phenomenal resources and rallied the best minds available in an effort to defeat this electro-mechanical device, built to protect the intangible asset that would determine the outcome of the modern world's most significant military conflict.
 
Breaking Enigma became a global race like no other and as early as December 1932, its secrets were cracked. The Polish government's team attributed the win to three military intelligence analysts. As the years passed, German military added rotors and complexity to the plugboard device to make it keep up with the times. In response, British intelligence created the massive Bletchley Park, impressively staffed both in numbers and in cerebral horsepower. The effort included one Alan Turing, widely recognized, as the father of computer science and later correctly credited with playing a major part in defeating the German encryption machine in the early 1940s.
 
And that's where romantics need to stop reading, because there's a bit more to the story that rarely makes the news.
 
Those without much time on their hands can be forgiven for not knowing that the Polish Cipher Bureau's accomplishment was catalyzed by the critical contribution of secret Enigma keys liberated from the Germans by a spy working with French Military Intelligence. And in the same breath we should mention that the Bletchley Park efforts were themselves assisted in no insignificant way by the Allied efforts to convince German U-boat crews to surrender Enigma rotors and keys, even as their vessels were sinking.
 
And so it was that the mighty Enigma's secrets were reverse-engineered using the keys stolen by a German spy named Hans-Thilo Schmidt and later by leveraging the pilfered data and equipment from U-110, U-559 and U-505.
 
Fast forward 60 years and right past some ill-conceived efforts by a certain government to weaken global encryption standards so they would have less trouble cracking the communications they had an interest in. Today's sensitive communications take place between browsers and servers that communicate politely after presenting certificates and exchanging keys. And of course, there exist clever cryptologists who assiduously study them, occasionally presenting influential papers on how they might be defeated.
 
The most recent of these situations began unraveling on April 7, when the world discovered that the only thing thought capable of still protecting sensitive communications from prying eyes on the otherwise open Internet has in reality been the equivalent of a paper sign with the sign "KEEP OUT (please)". It must be noted that much like the well-engineered Enigma machine long before it, the defeat of Web encryption has not been a design flaw, but a development and operational issue. As dictated by history, the weak implementation will be strengthened and clean up efforts for the Heartbleed Bug will continue to make the news, for now. 
 
And the elegance and lightness of this dance continues, punctuated only by the periodic gasp that follows each instance where secrets get unscrambled and private information again sees the light of day, invariably facilitated by the theft of keys and cloning of certificates rather than the unadulterated purity of an applied mathematical method.
 
(Note: I took the above picture of the Enigma Machine exactly 10 years ago, in April of 2004 at London's Imperial War Museum)

In the early 1920s, the Enigma machine was a portable encryption machine with rotor scramblers used for encoding and decoding confidential messages....
Bleeding hearts unite, the OpenSSL Heartbleed bug threatens to impact user privacy and business security online. There's a new security vulnerability in town. It's not even that new, we just didn't know about it until now. But it's a whopper and it threatens to i...
Independent risk assessments are the most basic best practice in business.Security is about risk. And risk is about numbers. Given the high probability of suffering data security and privacy breaches, is it any wonder compan...
Netflix just the latest brand used in wave of phone text support fraudEver wonder what the use of stealing millions of email addresses is? All those often downplayed, 'low sensitivity' data breaches have massive potent...
Layered SecurityI'm often surprised at the public's disappointment with the realization that security processes are not directly analogous to the medical notion of im...
Target breach will have serious consequencesThis past Christmas season hasn't been kind to the Target chain of retail stores nor to its brand. A brazen attack took place in December that affecte...

Welcome to Informatica

Be Secure.

Be Trusted.

Follow us on