The strength of any cryptosystem depends in large part on the unpredictability of the data used in the encryption process. Unfortunately, some of today’s most commonly-used sources of “random” data depend on inputs that have the potential to inject predictable data, and therefore weakness, into the process.
Low-entropy data sources produce encryption keys that can be attacked much more easily than a truly random key. Even high-performance pseudorandom number generators that have been certified as “cryptographically secure” may prove to be insufficiently random once large-scale quantum computers become available.
Full-entropy random data provides the highest possible security against potential key attacks. Even quantum computers, while they may be able to break the asymmetric keys currently used in public key infrastructure, are expected to be ineffective against truly random AES-256 encryption keys. Random number generators that measure quantum physical processes are able to deliver truly random data at speeds up to 1 Gb/second, effectively solving the entropy problem for government entities and other organizations that store and process highly sensitive information.
Latest posts by Marty Meehan
- Data-Centric Security and Zero Trust Architecture: - February 3, 2019
- Unstructured Data: Vulnerable, Uncontrolled, and Getting Bigger Every Day - October 1, 2018
- The Entropy Problem: Random Data and Secure Cryptography - July 30, 2018