
Security by Encryption

In The Security Oxymoron, I wrote about the possibility of an individual introducing security measures that seem inherently reasonable but, when analysed, offer no additional security and at times even increase an organisation’s vulnerability.

An example is often more useful than a mere concept. The overall story is fictional, but I promise that the individual parts have been observed over the course of many years. It starts with the Datafile, a file whose existence was essential to the smooth running of the company, and were it to end up in an outsider’s hands the result could be catastrophic.

To ensure that the Datafile was stored as securely as possible, the following security mechanism was put into place:

  1. The Datafile was stored in a folder on the local network, accessible to all individuals in the company. No ACLs were placed on the file, as the security enhancements that followed were deemed to be sufficient.
  2. The data in the file was securely encrypted (AES) with a passphrase, using a third-party tool freely available on the Internet. The only access to the data would then be through this tool.
  3. For security, the chosen passphrase was around 20 characters, consisting of numbers and mixed-case letters. The downside of this was that the passphrase was meaningless and thus unmemorable for any individual in the company.
  4. To work around this, the password had been printed out onto strips of paper (little larger than the passphrase itself, printed at 14pt), and distributed to people’s desks by hand.
  5. An office move meant that the majority of employees lost their strips of paper. Nobody noticed.
  6. Because of the security in place, it was decided that no monitoring was required to ensure that the file was not, for example, copied onto a USB stick and taken off-site, where the same third-party tool could be downloaded and the easily lost passphrase used to decrypt it.

The suggestion that all encryption be dropped as counter-productive, and the file kept as plaintext secured with ACLs, was deemed ‘too risky’.

Categories: Security
  1. February 22, 2011 at 2:26 pm

    Interesting but slightly scary at the same time! Comes back to the old phrase that a chain is only as strong as its weakest link. If the pass-phrase was printed in plain text then you may as well store the file in plain text…!

    Surely a simple way around this would have been to print the passkey backwards or to add 5 characters to the start or end – a user could easily remember to remove 5 characters from it or to reverse it without having to remember the whole phrase…

    I wonder if this is how government agencies do it; Oh no, wait, they don’t print the passphrase out for people, they just leave their laptops on trains for them!

    MaFt
