April 06, 2016
Senior Manager Kevin Baker's article for The Legal Intelligencer discusses modern encryption systems and why passwords matter.
The FBI's request for Apple to unlock the San Bernardino, California, shooter's iPhone, as well as requests in other cases, has increased the media frenzy surrounding data security, passwords, privacy and our rights under the Constitution. Passwords are convenient and the most commonly used method to secure data, but simple steps must be taken to mitigate their inherent weaknesses. Understanding the process of how modern encryption systems work will provide an explanation of why passwords matter and the fine line the FBI asked Apple to cross by unlocking the cellphone.
Encryption is a complex mathematical process that is performed on data. When you encrypt a file, hard drive or other device, that data is transformed in a way that the data is unreadable without a specific code known as a decryption key. There are several factors that determine how secure a particular encryption method is, but the encryption used by any of the modern encryption systems cannot be reversed, cracked, hacked, or in some other way defeated without knowing the decryption key. However, most encryption systems rely on a user-supplied password to protect the decryption key, which in almost all circumstances is weaker than the encryption itself. When someone talks about cracking encryption, they are actually talking about recovering the password used to protect the decryption key.