When you’re dealing with sensitive information in the digital realm, you encrypt it. That’s one of the most basic facts of security, right up there with controlling access and running regular audits. Sending unencrypted data between two points would be tantamount to walking through a windstorm bearing an open briefcase filled with privileged documents.
Unfortunately, while traditional encryption methods are perfectly capable of protecting our information, they’re anything but perfect. There are glitches. There are flaws, exploits, and backdoors. As the recent Heartbleed scandal so-unnervingly revealed to us, our information may not be quite as safe and secure as we think it is.
Factor in organizations like the NSA – which, if the rumors are to be believed, has broken strong encryption– and it’s no wonder so many web hosts, server administrators, and IT professionals are starting to feel nervous. After all, how long do we have until the technology developed by spy agencies falls into the wrong hands?
How long do we have until our information can no longer be considered secure?
Alright, that’s a fair bit of fear-mongering, I’ll admit. In truth, it’s fairly unlikely that any agency in the world has managed to break strong encryption quite yet, as much as they’d like us to believe that they have. It’s far likelier that there are other vulnerabilities – similar to Heartbleed – of which we’re unaware.
It’s still not a particularly comforting thought, is it?
Thankfully, there may be a solution to this issue on the horizon, in the form of something known as quantum cryptography. Bearing little relation to quantum computing; quantum cryptography is unlike anything the security industry has ever seen, and it may well be the most secure method of encryption ever developed.
Unlike traditional encryption methods – in which two parties share an encryption key – quantum cryptography sees the keys created by both sender and receiver. In addition, rather than encrypting information with complex, mathematically generated keys; data is encrypted at the quantum level, using photons. These curious particles have a great many interesting features, but we don’t really have the time to discuss them in detail here. Instead, we’ll focus on the most important aspect of a photon:
Once it’s been polarized, it’s effectively impossible to measure a photon without in some way affecting its behavior. What this means is that quantum encryption is essentially the first encryption system that actively guards against passive interception – if someone attempts to intercept a message that’s been encrypted in photons, they will inevitably alter some of said photons. This means that both parties will be aware that someone’s been listening in, even though the listener hasn’t actually managed to gain access to the data. What this means is that quantum cryptography is the world’s first truly unhackable encryption system – in addition to being a bit faster than traditional encryption.
That’s the theory, anyway – and a very pared-down version of it, at that. Quantum encryption is significantly more complex than I’ve made it sound here – and I want to emphasize that it’s still very much a theoretical technology. There’s a reason it hasn’t seen much use outside of laboratories at this point – it’s still a bit impractical.
There are a number of obstacles standing in the way of the method’s proliferation. Although we’ve made great progress in terms of reducing the technological requirements necessary to encrypt information at the quantum level, we still aren’t quite at the level we need to be – it’s still incredibly difficult, for example, to get the ‘detection’ side of quantum encryption right. What’s more, there’s still the issue of length – quantum keys can’t be as long as traditional encryption keys, as the photons will begin to interfere with one another.
It’s also not as secure as everyone thinks. As noted by Wired, no technology is truly unbreakable. The truth is that security researchers have already developed methods to exploit the encryption system’s own unique vulnerabilities – even if that involves going around the encryption and finding a hole in your firewall or blackmailing an employee for information.
Alright, so…quantum encryption is an extremely promising technology in theory, even if it’s not necessarily viable in practice. But what does it mean for web hosting? We still haven’t addressed that, have we?
I think it would be better to first address what it doesn’t mean. It doesn’t signify an absolute end to all our security woes –as we’ve already established, there will always be weak links in a system; vulnerabilities that a savvy hacker can exploit. Although it’ll enable you to provide your users with a more secure connection than ever before, it won’t make your entire site more secure.
It also doesn’t mean we’ve developed the world’s first completely un-hackable system; we just haven’t figured out how to crack it yet.
We’ll end on a high note. With quantum encryption, the transmission of data will be more secure than it’s ever been. It’ll also be faster – with the right tech, quantum cryptography requires significantly fewer resources than traditional cryptography. Lastly, it means that further security innovations might be just over the horizon – innovations which are most definitely relevant for a web host.