Saturday, April 19, 2008

The Buzzwords

How often do you hear statements like “The traffic between the client and the database server is protected with TLS, so I do not worry at all about the privacy of the data being transferred”? Or, “Our password manager uses AES to encrypt the password database, and no one has broken AES yet”? TLS, SSL, SSH, PKI, AES, MAC, 3DES… Many people believe that if a system uses some popular security technology with an impressive, incomprehensible name, the system must be unbreakable by default.

In his novel “Nineteen Eighty-Four”, George Orwell aptly described this problem through the example of Newspeak. Shortenings and abbreviations make us lose the real meaning of terms. Psychologists say that people commonly trust an abbreviation more than the equivalent expanded phrase.

When developing a system, it is absolutely necessary to understand clearly what the chosen security technology actually provides. An impressive name or a buzz in the press must not influence your choice. The developer needs to know the technology thoroughly: how it works, the level of protection it provides, the requirements it places on the operational environment, and especially its shortcomings. Without that knowledge, the benefit of using the technology can easily be reduced to zero.
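Take the second buzzword above, “uses AES”, as an added example in Go (my code, not code from the original post). The 16-byte key and the two one-block password records are constructed for the demonstration. It shows that the same unbroken AES primitive, applied directly block by block (ECB mode, the naive reading of “encrypted with AES”), lets anyone who copies the encrypted database see which records hold the same password, while AES-GCM with a per-message random nonce hides that and also rejects a record that has been modified.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Constructed key and records: a real password manager derives the key from the
// master passphrase with a KDF. Both records are one AES block and identical,
// as happens when a user reuses a password.
var (
	key     = []byte("0123456789abcdef")
	record1 = []byte("pw:correct horse")
	record2 = []byte("pw:correct horse")
)

// encryptECB applies the AES block cipher directly to each 16-byte block. It is
// deterministic: equal plaintext blocks give equal ciphertext blocks, and
// nothing detects tampering.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length must be a multiple of %d", bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// newGCM wraps the same AES primitive in an authenticated mode (AES-GCM).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptGCM seals plaintext under a fresh random nonce, prepending the nonce.
func encryptGCM(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptGCM reverses encryptGCM and returns an error if any byte was altered.
func decryptGCM(key, ciphertext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, sealed := ciphertext[:aead.NonceSize()], ciphertext[aead.NonceSize():]
	return aead.Open(nil, nonce, sealed, nil)
}

// ecbLeaksEquality reports whether the two records give identical ciphertext
// under ECB, so the holder of the encrypted file can tell they are the same.
func ecbLeaksEquality() bool {
	c1, err1 := encryptECB(key, record1)
	c2, err2 := encryptECB(key, record2)
	return err1 == nil && err2 == nil && bytes.Equal(c1, c2)
}

// gcmHidesEquality reports whether the same records give different
// ciphertexts under AES-GCM (the random nonce guarantees it).
func gcmHidesEquality() bool {
	c1, err1 := encryptGCM(key, record1)
	c2, err2 := encryptGCM(key, record2)
	return err1 == nil && err2 == nil && !bytes.Equal(c1, c2)
}

// gcmDetectsTampering flips one ciphertext byte and reports whether decryption
// rejects the modified record.
func gcmDetectsTampering() bool {
	c, err := encryptGCM(key, record1)
	if err != nil {
		return false
	}
	c[len(c)-1] ^= 0x01
	_, err = decryptGCM(key, c)
	return err != nil
}

func main() {
	fmt.Println("ECB reveals that the two records are identical:", ecbLeaksEquality())
	fmt.Println("AES-GCM hides that:", gcmHidesEquality())
	fmt.Println("AES-GCM rejects a modified record:", gcmDetectsTampering())
}
```

Nothing here breaks AES. The difference lies entirely in how the primitive is used (mode of operation, nonce handling, integrity protection), which is exactly what the phrase “uses AES” leaves unsaid.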

In future posts I will look at popular information protection technologies and try to reveal the hidden meaning behind these opaque buzzwords.
