Q
Problem solve Get help with specific problems with your technologies, process and projects.

Is destroying a decryption key a strong enough security practice?

Destroying a decryption key isn't the same as destroying the data, but which method is more secure? Expert Mike Chapple explains the best way to combat a future encryption flaw.

There's long been the idea that encrypted data is destroyed and is, thus, unreadable when the decryption key is...

destroyed. Lately, there's been a shift in this thinking because of the flaws and vulnerabilities in some of the widely used encryption protocols. Now many people feel that destroying the decryption keys isn't the same as destroying the encrypted data. Is it better to destroy the data or is destroying the decryption key enough?

Effective encryption renders data useless to anybody who does not possess the corresponding key for decryption. Organizations continue to rely on encryption to protect information, and they often consider the destruction of the decryption key as equivalent to the destruction of the encrypted data. However, history suggests that this may not be a prudent approach. Over the years, security researchers have discovered flaws in some encryption algorithms that had been widely used previously. Those flaws could have been used to "hack back in history" and gain access to sensitive information.

Consider a scenario where Alice, an HR analyst for a major corporation, sends an encrypted file to Bob, a payroll specialist. The file contains sensitive employee information, including Social Security numbers. Alice recognizes that the file is very sensitive and encrypts it using the "TotallyFlawless" encryption algorithm. Alice then sends Bob an email saying "Here's an encrypted file containing those Social Security numbers."

Mal, an attacker, manages to gain access to Alice's email and sees that the attachment contains sensitive information by reading Alice's note. Fortunately for Alice, the encryption prevents Mal from opening the attachment and seeing the Social Security numbers. Mal then files the message away for later.

Five years later, a security researcher discovers a flaw in the TotallyFlawless algorithm that allows the decryption of files encrypted using Alice's approach. The security community quickly reacts and people stop using the TotallyFlawless algorithm immediately.

When Mal sees this announcement, she remembers the file that she stole from Alice and then uses the new flaw to gain access to the encrypted files. Social Security numbers have a very long useful life to attackers, and Mal uses the contents of the file to steal the identities of several employees.

The bottom line? No encryption approach is totally foolproof, and almost every strong algorithm will eventually be defeated. Of course, we still need to exchange information, and using strong encryption is definitely the most secure way to do that. However, it's also a very good practice to delete files when they are no longer needed, just to hedge your bets.

Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.)

Next Steps

Find out if attackers can steal decryption keys through radio waves

Learn how to avoid phishing emails that spoof top-level domains

Discover the right way to manage cloud encryption keys

This was last published in November 2016

Dig Deeper on Email and Messaging Threats-Information Security Threats

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do you agree that destroying data is more effective than destroying the decryption key?
Cancel
I definitely agree with the position that the data should be destroyed versus simply relying on the destruction of the decryption key.  There is a long standing cliche in the security arena that a lock is only a delay and deteriant control; given enough time and resources any lock can eventually be defeated which holds true to encryption.  Moore's Law of computation has been blown away with the new speed increases in CPU, memory, etc; so in my opinion, Encryption is only a delay tactic, someone will get access to your data eventually.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close