eSecurity Planet Reports: Best Encryption Software for 2022
Drew Robb / eSecurity Planet / 4 August 2022
QuSecure is proud to share a new article by eSecurity Planet. The article includes an interview with QuSecure’s Chief Product Officer and co-founder, Rebecca Krauthamer. It discusses the various strengths and weaknesses of cryptographic methods and products in use today.
Key points of the article include:
- In the decades since encryption became a standard cybersecurity practice, there has been a steady evolution of cryptographic methods. In modern methods such as RSA, a cryptographic “key” is generated and used to encode data so that it cannot be deciphered. This step is generally hidden from end users, but it is crucial, since hackers attempting to decode data must obtain this “key” to do so.
- Over time, keys have become longer in response to a growth in the ability of hackers to gain access to systems with a brute-force approach that tests many potential keys until the correct one is found. This will become much more threatening with the advent of quantum computers, which will be able to test multiple potential keys simultaneously and quickly decrypt data that is secured with modern encryption.
- To secure data against quantum computers, quantum encryption is required. This usually takes one of two forms: either Quantum Key Distribution (QKD) or Post-Quantum Cryptography. QKD leverages quantum-entangled particles to create a key, but is limited in range by this entanglement. This range limitation means systems separated by large distances tend towards PQC, which is encryption using math to generate a key, much like today’s encryption methods.
- The characteristic that makes PQC special is that it uses equations which quantum computers will be unable to solve to generate keys. As Rebecca Krauthamer said, “A more accurate name for PQC might be anti-quantum cryptography since it is meant to defend data against quantum computing hacks. A common misconception is that PQC is itself a quantum technology. PQC does not need any quantum computing technology to run effectively; it’s written in familiar coding languages like C and runs on today’s systems.” Just last month, the standardization agency NIST finalized a six-year search for a set of post-quantum algorithms for industry use. Read more about NIST here.
We especially liked this quote by Rebecca, who was asked why quantum computing is a threat now when a quantum computer cannot currently decrypt secured data: “The first major reason is that we don’t have a good sense for when such a quantum computer will be available, and since this type of upgrade takes time, it is important to start sooner than later so we aren’t caught flat-footed. The second reason is store now decrypt later (SNDL) attacks when a bad actor intercepts encrypted data and stores it until they have the computing power to break it. Organizations will need to start the process of upgrading encryption sooner than later.”