When users and managers misunderstand what technology can do, IT architects wind up with two problems. The first arises when people overestimate the state of the art and expect more than any IT department can deliver. The second arises when people don't realize how much a technology has improved, or how quickly it's still improving, and fail to fully use it or protect themselves against it.
Flawed perceptions have to be recognized and addressed if they're not to become obstacles to satisfying IT stakeholders.
Popular entertainment is a big contributor to widespread misconceptions. At some point, screenwriters need to catch up with reality. For example, we're long past the point where any movie or TV series plot should turn on a character's success in breaking a code; we also should stop seeing depictions of people in the most remote locations having real-time links, 24-by-7, without needing pounds of batteries or ungainly antennas.
I've recently seen the fallacy that codes can still be broken in my own family room, where two of my sons were watching an episode of "Enterprise," Paramount's prequel series to the original "Star Trek." The starship's communications officer, who's a linguist rather than a mathematician, was kidnapped by aliens and brainwashed into helping them crack the codes of yet another alien species.
With or without the aliens, this idea would strain the credulity of an informed viewer even if the story took place today. But it's supposedly happening about 150 years from now, by which time I estimate that we'll be using 5,400-bit keys, based on guidelines suggested by crypto gurus such as Bruce Schneier and Ron Rivest. Their estimates of required key lengths, as described in Schneier's 1996 second edition of his book "Applied Cryptography," range from 619 bits (best-case method of Rivest) to 67.1 million bits (worst-case method of Schneier).
That's a huge range, reflecting different assumptions about the progress of mathematical techniques on top of forecasts for improvement in computing cost-effectiveness. But both of these experts would agree, I'm sure, that (1) any present-day mainstream encryption will be breakable for pennies in 2150 and that (2) no human cryptanalysis will be helping much in breaking the codes that will be common at that time.
Apart from making me bite my tongue while my sons enjoy decent science fiction, these crypto trends have present-day enterprise impact. As Schneier said in his book, "You don't want to stand up in court 20 years from now with a digitally signed document and have the opposition demonstrate how to forge documents with the same signature." More broadly, I'll say that you can't usefully ask or answer the question "How secure?" without the clarifying question "For how long?"