SAN FRANCISCO–The cryptographers’ panel at the RSA Conference is not generally noted for its optimism. But amid the usual talk of mass surveillance and breaks in ciphers, several of the panelists sounded downright upbeat about the future of security.
The panel, which is just about the last remaining nod to the conference’s roots as a gathering of cryptographers, often wanders about, ignoring conventions such as answering questions and this year’s edition was no exception. Although the panelists spent a good deal of time talking about the NSA’s surveillance practices and government backdoors, the meat of the discussion was about how to improve the existing state of cryptography and security in general.
Whit Diffie, one of the creators of public-key cryptography, said that the current thinking in the industry needs to be adjusted. Assuming that every network is going to be penetrated and that all of our data will be spilled online is not doing us any good, he said.
“We have accepted the notion, I think mistakenly, that we can’t have vastly more secure systems and networks than what we have now,” Diffie said.
Rather than deciding that everything is terrible and broken, security experts and computer scientists should go back to the problems they were trying to solve decades ago and look at them again.
“I think we should go back to the basic issues and reexamine them,” Diffie said.
The mass surveillance debate has cast a long shadow over many security discussions in recent years, and has colored the way that people think about communications and device security, as well. But the revelations about the NSA’s methods and practices also has started a lot of discussions about encryption and the use of more secure communications protocols and methods. Moxie Marlinspike, a security researcher and creator of the Open Whisper Systems secure messaging app, said he sees some good things on the horizon in that regard.
“In some ways we might be winning the future of communications and mass surveillance,” he said. “It looks to me like the future of mass surveillance is overlay on existing services like Facebook Messenger and those are using encryption. There is some hope, I think.”
The panelists also said research on encryption protocols and algorithms is in a good place. Adi Shamir, one of the inventors of the RSA algorithm, said there is a group of researchers currently working on finding a hash collision in SHA-1 and he expects them to succeed. Soon.
“I fully believe that in the next few months we’re going to see a real SHA-1 collision announced by the team,” he said. “They’re well on their way to finding what they’re looking for.”