Is all encryption equal? The million dollar question

September 17, 2019

The million dollar question?

"Encryption" is a term that is used loosely and is often open to interpretation. To better understand what end-to-end encryption is, we have created this little example to highlight why end-to-end encryption is radically different from encryption at rest or in transit.

  • What is the largest "sum of data" criminals can steal?
  • How much brute force does it require?
  • How does the system behave if one entity gets compromised?

These are a few examples that illustrate why end-to-end-encrypted tools like Wire have fewer points of weakness and much better protection against cyber criminals than traditional collaboration platforms or email.


Hide a million dollars

Imagine you are given one million dollars in one dollar bills and asked to store them securely in one of two ways:

  • A: Take the million dollars and put them in one safe with one access code
  • B: Take the one dollar bills and put them in separate safes, all with individual access codes

To minimize the impact should your code be compromised, most people would instinctively choose option B (separate safes), yet in the IT world most people choose A (one safe). Anything offering "encryption at rest" is nothing more than one secured vault with all your data. When it is compromised, all the contents of the vault (in most cases a central server) will be out in the open, no matter who stored their content there or how many did. If gaining access would earn criminals 1 million dollars, they would not bat an eye. However, if the same effort is required over and over to gain only one dollar at a time, the reward is far less inviting.

Safety in numbers

No communication and collaboration system is static - new messages, calls, and files are exchanged every day. If we apply this to our safe example, and for the sake of comparison say that one file is worth one dollar, we now have these 2 options after 10 days:

  • One safe that now holds 10 million dollars
  • 10 million safes that all still hold only a single dollar each

Consider now that not all files and communications are equally valuable. Sure, all your communications in clear text are worth everything, but one message here and another there, without any context, are far less likely to have any sort of value. The system of end-to-end-encrypted messages grows in complexity on a daily basis, while the complexity of the central vault remains the same.

Place your bets?

In the end, the challenge for a cyber criminal of finding the valuable files to hold for ransom comes down to the following odds:

  • a 1:1 chance to find the crucial files needed for ransom
  • a 1:1,000,000 chance to find that one crucial file

As time passes, end-to-end encrypted systems tip the odds increasingly in our favor.

Combine this with forward and backward secrecy, meaning that new encryption keys are used for each and every message, and the impact that any compromised key could have decreases.
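The one-safe versus many-safes comparison and the per-message keys described above can be measured directly; the following is an added example, not Wire's code or protocol, that counts which messages each kind of stolen key opens. It assumes a simplified one-way key chain, a toy cipher built from HMAC-SHA256, and hypothetical names throughout (`kdf`, `seal`, `unseal`, `opened_by`, `blast_radius`).

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256); it cannot be run backwards."""
    return hmac.new(key, label, hashlib.sha256).digest()

def seal(key: bytes, msg: bytes):
    """Toy authenticated encryption for this demo only (messages <= 32 bytes)."""
    assert len(msg) <= 32
    nonce = os.urandom(16)
    ct = bytes(m ^ s for m, s in zip(msg, kdf(key, b"enc" + nonce)))
    return nonce, ct, kdf(key, b"mac" + nonce + ct)

def unseal(key: bytes, box):
    """Return the plaintext, or None if the key is wrong (tag mismatch)."""
    nonce, ct, tag = box
    if not hmac.compare_digest(tag, kdf(key, b"mac" + nonce + ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, kdf(key, b"enc" + nonce)))

def opened_by(keys, boxes):
    """Indexes of the messages an attacker holding `keys` can decrypt."""
    return [i for i, b in enumerate(boxes)
            if any(unseal(k, b) is not None for k in keys)]

def blast_radius(n=10, stolen=7):
    msgs = [b"constructed message %d" % i for i in range(n)]  # constructed data
    # Option A: one vault key protects every message.
    vault_key = os.urandom(32)
    vault = [seal(vault_key, m) for m in msgs]
    # Option B: a chain key is ratcheted forward; each message gets its own key.
    chain, chain_keys, msg_keys, boxes = os.urandom(32), [], [], []
    for m in msgs:
        chain_keys.append(chain)
        msg_keys.append(kdf(chain, b"message"))
        boxes.append(seal(msg_keys[-1], m))
        chain = kdf(chain, b"chain")
    # Attacker steals the chain key at position `stolen` and ratchets it forward.
    c, derived = chain_keys[stolen], []
    for _ in range(n):
        derived.append(kdf(c, b"message"))
        c = kdf(c, b"chain")
    return {"vault_key": opened_by([vault_key], vault),
            "one_message_key": opened_by([msg_keys[stolen]], boxes),
            "chain_key": opened_by(derived, boxes)}

if __name__ == "__main__":
    print(blast_radius())
```

A stolen chain key still opens the messages that follow it, because this sketch never mixes in fresh key material; limiting that exposure is what backward secrecy adds and is not modelled here.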
