But the mass adoption of encryption has also become a thorn in the side of law enforcement and other government agencies. So their reaction has been to develop methods to either crack or circumvent encryption. A good reminder of that strategy was found in a code-breaking project that was accidentally exposed to the open internet. Ironically, the file that were stored on a backup drive connected to an NYU server weren’t encrypted.
The Intercept reports a joint project of IBM, NYU and the department of defense called “WindsorGreen” was found by a security researcher looking for open devices on the internet. The program details a system rife with the kind of complex math needed to take down encryption and brute-force passwords. The code-breaking project seems to have been in development between 2005 and 2012 with a suggestion within the documents that it would not be ready until 2014.
While the documents describes an incredibly powerful code-breaking project, according to what hacker and computer researcher Andrew “Bunnie” Huang told The Intercept, if you’re using the latest encryption, you don’t have anything to worry about. “Even if [WindsorGreen] gave a 100x advantage in cracking strength, it’s a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256.”
At least when it comes to this venture. Who knows what’s currently being developed?
The story is an interesting read and a cautionary tale about being extra diligent when setting up your network and remembering to encrypt everything. And be doubly sure to encrypt your potentially top secret files about cracking encryption.