
Is destroying a decryption key a strong enough security practice?

Destroying a decryption key isn't the same as destroying the data, but which method is more secure? Expert Mike Chapple explains the best way to combat a future encryption flaw.

There's long been the idea that encrypted data is destroyed and is, thus, unreadable when the decryption key is destroyed. Lately, there's been a shift in this thinking because of the flaws and vulnerabilities in some of the widely used encryption protocols. Now many people feel that destroying the decryption keys isn't the same as destroying the encrypted data. Is it better to destroy the data or is destroying the decryption key enough?

Effective encryption renders data useless to anybody who does not possess the corresponding key for decryption. Organizations continue to rely on encryption to protect information, and they often consider the destruction of the decryption key as equivalent to the destruction of the encrypted data. However, history suggests that this may not be a prudent approach. Over the years, security researchers have discovered flaws in some encryption algorithms that had been widely used previously. Those flaws could have been used to "hack back in history" and gain access to sensitive information.

Consider a scenario where Alice, an HR analyst for a major corporation, sends an encrypted file to Bob, a payroll specialist. The file contains sensitive employee information, including Social Security numbers. Alice recognizes that the file is very sensitive and encrypts it using the "TotallyFlawless" encryption algorithm. Alice then sends Bob an email saying "Here's an encrypted file containing those Social Security numbers."

Mal, an attacker, manages to gain access to Alice's email and sees that the attachment contains sensitive information by reading Alice's note. Fortunately for Alice, the encryption prevents Mal from opening the attachment and seeing the Social Security numbers. Mal then files the message away for later.

Five years later, a security researcher discovers a flaw in the TotallyFlawless algorithm that allows the decryption of files encrypted using Alice's approach. The security community quickly reacts and people stop using the TotallyFlawless algorithm immediately.

When Mal sees this announcement, she remembers the file that she stole from Alice and then uses the new flaw to gain access to the encrypted files. Social Security numbers have a very long useful life to attackers, and Mal uses the contents of the file to steal the identities of several employees.

The bottom line? No encryption approach is totally foolproof, and almost every strong algorithm will eventually be defeated. Of course, we still need to exchange information, and using strong encryption is definitely the most secure way to do that. However, it's also a very good practice to delete files when they are no longer needed, just to hedge your bets.
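One way to check for the gap described above is to look for ciphertext that is still stored after its key has been destroyed. The following is an added example, not code from the article; the `<name>.<key_id>.enc` file naming, the key inventory dictionary and all file names are assumptions made for illustration.

```python
from pathlib import Path
import tempfile

# Assumed layout (hypothetical): each ciphertext is stored as <name>.<key_id>.enc
# and a key inventory maps key_id -> "active" or "destroyed".

def key_id_of(path):
    """'payroll_2016.k2.enc' -> 'k2'; None if the name does not fit the layout."""
    parts = path.name.split(".")
    return parts[-2] if len(parts) >= 3 else None

def find_orphans(data_dir, inventory):
    """List (file name, key status) for ciphertexts whose key is not active."""
    orphans = []
    for path in sorted(data_dir.glob("*.enc")):
        status = inventory.get(key_id_of(path), "unknown")
        if status != "active":
            orphans.append((path.name, status))
    return orphans

def purge_destroyed(data_dir, inventory):
    """Delete ciphertexts whose key was destroyed; leave 'unknown' for review."""
    removed = []
    for name, status in find_orphans(data_dir, inventory):
        if status == "destroyed":
            (data_dir / name).unlink()
            removed.append(name)
    return removed

def demo():
    # Constructed sample data: three placeholder files, not real ciphertext.
    with tempfile.TemporaryDirectory() as tmp:
        data_dir = Path(tmp)
        for name in ("ssn_export.k1.enc", "payroll_2016.k2.enc", "notes.k3.enc"):
            (data_dir / name).write_bytes(b"constructed placeholder bytes")
        inventory = {"k1": "destroyed", "k2": "active"}  # k3 is not inventoried
        before = find_orphans(data_dir, inventory)
        removed = purge_destroyed(data_dir, inventory)
        remaining = sorted(p.name for p in data_dir.glob("*.enc"))
        return before, removed, remaining

if __name__ == "__main__":
    before, removed, remaining = demo()
    print("key gone, data still stored:", before)
    print("deleted:", removed)
    print("still on disk:", remaining)
```

`unlink()` removes only this copy of the file; backups and mail archives that hold the same ciphertext need the same sweep.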


This was last published in November 2016
