Security "Bits"

Diluted Encryption

By Annie Wang | June 26, 2015 at 9:02 AM


I was once approached by a door-to-door salesman selling window wash concentrate. After dragging his finger across the porch window to show me the collection of dirt, he revealed a spray bottle with a darkish green tinge. He sprayed it onto the window and after a few wipes from his rag, the window had become crystal clear. “No streaks, no fingermarks, and it doesn’t collect dust!” he proudly exclaimed.

I was informed that the spray bottle that was used contained only one capful of concentrate - and that the bottle of concentrate could be used to fill up to 200 spray bottles. I was convinced. After buying a bottle, I poured a cap of concentrate into the complimentary spray bottle that was provided and diluted the rest with water - just as the salesman had instructed.

I remembered the solution he had used being darker than mine. A lot darker. I tried it on a window and upon seeing the results (or lack thereof), I tried pouring in more concentrate. The results remained the same. It didn’t take long for me to figure out that the bottle I was sold was just watered down window wash.

This circumstance is much like what we see with cloud encryption services today. If your organization is deploying a cloud encryption service that boasts 256-bit encryption with “millions” of initialization vectors - heads up, you’re being sold watered-down encryption:

  • One million initialization vectors = 20 bits

  • 256-bit AES encryption with one million initialization vectors = 20-bit encryption

To maintain functionality like search and sort, these solutions are forced to limit the number of initialization vectors. One million is roughly 2^20 (1,048,576), which is where the 20-bit figure comes from: 256-bit AES encryption with one million initialization vectors is effectively 20-bit encryption, which certainly doesn’t pass the requirements of any security-conscious organization. How so? Limiting initialization vectors limits the effective strength of encryption and makes it subject to known-plaintext attacks. In such an attack, the attacker submits distinct versions of a body of known words and intercepts the results, continuing until all possible encrypted variations of each word have been intercepted.
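The ceiling that a capped IV pool puts on ciphertext variety can be measured directly. The following is an added example, not code from the original post or from any vendor: an HMAC-SHA256 keystream stands in for AES-256 so it runs on the standard library alone, and the key, the word `invoice` and the pool size of 16 are constructed for the demonstration.

```python
import hashlib
import hmac
import math
import random

KEY = bytes(range(32))  # constructed 256-bit key, fixed so runs are repeatable


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for AES-256, not AES itself."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || (plaintext XOR keystream)."""
    stream = keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ s for p, s in zip(plaintext, stream))


def distinct_ciphertexts(word: bytes, iv_pool_size, samples: int, seed: int = 1) -> int:
    """Encrypt `word` `samples` times and count the distinct ciphertexts.

    iv_pool_size=None draws a full 128-bit IV; an integer restricts the IV
    to that many values, as in the limited-IV schemes described above.
    """
    rng = random.Random(seed)  # seeded for a repeatable demo; not for real IVs
    space = 2 ** 128 if iv_pool_size is None else iv_pool_size
    seen = {encrypt(KEY, rng.randrange(space).to_bytes(16, "big"), word)
            for _ in range(samples)}
    return len(seen)


def iv_entropy_bits(iv_pool_size: int) -> float:
    """Upper bound, in bits, on the randomness the IV adds per encryption."""
    return math.log2(iv_pool_size)


if __name__ == "__main__":
    print(f"1,000,000 IVs -> {iv_entropy_bits(1_000_000):.2f} bits")
    print("pool of 16   :", distinct_ciphertexts(b"invoice", 16, 2000))
    print("128-bit IVs  :", distinct_ciphertexts(b"invoice", None, 2000))
```

With the pool capped, the same word never produces more ciphertexts than there are IVs, no matter how long the key is; with full-width IVs every encryption is distinct.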

Bitglass offers unlimited initialization vectors, which means that customers receive full-strength encryption while maintaining full application functionality (including sorting, wildcard search, autocomplete, etc.).

Bitglass works.


Sukhmen Nijjar
Marketing Manager | Bitglass


