Eating humble pie

Slow news weeks are a columnist's nightmare. My life would have been made a lot easier if another email virus had been unleashed or a Fortune 500 company's network had been taken over by a gang of teenagers.

          Slow news weeks are a columnist's nightmare. Granted, a lot of you have probably used the new year period to catch up on old business, load those patches you've been meaning to get to, dig through the paperwork and the emails piling up, and so on; but my life would have been made a lot easier if another email virus had been unleashed or a Fortune 500 company's network had been taken over by a gang of teenagers. In the absence of a readily identifiable topic -- or target, if you prefer -- for today's trip to the soapbox, I think it's time to serve myself some humble pie.

          You see, a couple of weeks ago I popped off on a subject many of my readers hold dear: cryptography. In writing about AES (Advanced Encryption Standard), I rashly predicted that it might take less than a decade to break. Judging from the email that's come in since then, I consider myself taken to the woodshed.

          It's my own fault, after all. I should know better than to attempt higher math while leaving my shoes on. So I will cheerfully concede that the logistics of attempting a brute-force crack on a 128-bit key -- to say nothing of 192-bit and 256-bit ones -- are formidable.

          But my point wasn't whether or not AES is secure; for now, it's the best you're likely to find, at least when you're looking at cipher systems that have the US government's seal of approval.

          I simply wanted to point out that betting against human ingenuity is a good way to lose. When you look at everything we've accomplished by applying our intellectual capital to a technological problem, it's clear that just about anything can be done with a big enough checkbook and plenty of brains per acre.

          But at least a few dozen of you missed my point. Bruce Schneier, CEO of Counterpane Security and author of Applied Cryptography, even accused me of being alarmist in a scathing letter that I hope is coming soon to a letters page near you. Sorry, folks, I was aiming more for a bridled world-weariness. If I had wanted to sow panic, I would have taken a different tack entirely. (Trust me: I used to cover high school football, and I can make an off-tackle run for no gain sound like the Battle of Gettysburg when I want to.)

          As a garnish of crow to go with my humble pie, I also apologise to anyone who was offended by my use of Moore's Law as mental shorthand to refer to the ever-increasing power of computer hardware, as opposed to its original purpose of defining the growth in the amount of circuitry that can be packed into a given space.

          Finally, I'm going to retract my prediction that AES would be brute-forced by 2010. It might take until 2015, or even 2020. But I still think that calling AES "unbreakable" is whistling in the dark.

          PJ Connolly covers collaboration, networking, operating systems, and security for the Infoworld Test Centre. Get this column free via email each week. Sign up here.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cryptography

More about Advanced Encryption StandardAES EnvironmentalCounterpane

Show Comments