The encryption battle goes on…

Senator Cotton on Apple and encryption

The person lying here is Sen. Cotton. He want’s you to believe that Apple just invented some uber secret tech and they are selling it wily nilly to any terrorist that walks into the Apple Store. Apple hasn’t done that. They’ve followed the same process as every other tech company. They have driven the defects, (bugs), out of their software to improve the user experience for their customers. At some point in time, following this process will invariably fix defects that could be used to operationally compromise the security of your devices.

The basic security algorithm that Apple is using is called RSA. It’s not perfectly secure. An attacker with enough computer time can compromise RSA without the key very simply using only division. The problem for the attacker is that the user of the cryptography gets to choose how many division operations the attacker has to perform.

The horse has been out of the barn on encryption since sometime between 1977 and whenever personal computers became ubiquitous in the first world. This is not an opinion, it’s a fact. It’s based on the mechanics of RSA encryption and it should be understandable to anyone with a grasp of middle school arithmetic.

RSA works because I can hide anything within the digital domain by picking two very large prime numbers and using them as the basis of my personal secret key. I can multiply those numbers together and I don’t need to keep the multiplicand secret. In fact, some else can use the multiplicand to send digital information that only I can read. An attacker has to factor that doubly large number and the only way to do that on today’s computers is to try different division operations until they find the only one set of factors that works. Since multiplication takes much much less time on computers than division, I get to choose how much work my attacker has to do by tuning the size of the original prime numbers. There’s more to it than that but the Wikipedia article on RSA encryption is a great place to start.