This is an article that I published April 27th, 2009 on my old blog. I think it’s an interesting topic, so I decided to bring it here.
Let’s say that you wanted to access my email account by guessing my password. What would you guess? “babyKittens35″? “2Hot2HanDoH!”? “zW4fa23s”? Without having any clues to help you start guessing mine, or any one’s password is impractically difficult. Even using a modern computer to guess for you, it could take literally millions of years to try all the possibilities (that seems like a lot, but amazingly it’s true!). It’s pretty safe to say that you will never guess my password. (Note: That is not a challenge. If you do somehow manage to guess my password, please do not do anything malicious, and please let me know so that I can change it. Thanks.)
There is another aspect to this situation. Given any password, it’s relatively easy to know if it’s the right one. Simply attempt to log into my email account with your guess, and if you succeed, then you know its right.
These two problems are at the heart of the one of the most famous problems in mathematics – the P vs. NP question. (It’s so famous, that there’s a million dollar prize available to the first person who can solve it). I won’t go into all of the details, but it concerns the complexity of certain types of problems. It basically boils down to whether or not there exist algorithms to solve the first problem (finding an unknown password) that are as simple as the method used in the second (verifying a password).
As of now, no one knows the answer to the P vs NP question. Most mathematicians and computer scientist believe it to be false, that is, the problems of the first type are inherently more difficult than those of the second. Hopefully they are right. As you might be able to discern from from the example above, all current methods of Internet security rely on the fact that it is false. It’s a scary thought to think that something so important to modern society could be based on something unknown.
I’ll digress into the world of athletics for a bit. At one point in time, most of the world thought it impossible for a human being to run a mile in less than four minutes. Almost immediately after Roger Bannister did it in 1954, people began breaking through this barrier one after another. Human history is filled with examples where once something is proved possible, it’s effects propagate throughout society.
Although, most experts think it unlikely, let’s consider the possibility that the P vs. NP question is true. It would be only a small matter of time until someone found a way to use it to their advantage and crack Internet security. This is particularly disturbing as there is a current trend toward cloud computing. More and more, people are entrusting their personal and professional lives to Internet services rather than their own personal computers. If Internet security were to fail due to this, it would be a complete disaster as information would no longer be safe at all. It would be impossible to protect your own identity. Email, on-line banking, and even Facebook (Dear Lord No!) would be compromised. We’d either have to rethink the way we handle Internet security, or we’d have to return to the dark ages of having to tear ourselves away from our computers and actually have to leave our homes to shop. All joking aside, these are some serious issues to think about. Even if the P vs. NP problem is proven false, scientist are now working on quantum computers that can break encryption using other, less traditional methods. If theses computers see the light of day anytime soon, we will definitely have to find a new way of securing our data on-line, and anywhere else for that matter.
Here’s another possibility: it could have very well already happened. There maybe people out there who can get into your on-line accounts as easily as you can and do all sorts of unspeakable things – and you wouldn’t even know it. It’s even possible that the powers that be are sitting on this secret in order to protect their own interests. I don’t consider myself a conspiracy theorist, but there is an ongoing discussion about the suppression of security issues with RFID credit cards, so maybe, just maybe this isn’t so far fetched?
I write this article as somewhat of a warning, not specifically about Internet security, but about trusting what we don’t understand in general. These days, we put so much trust in technology without really understanding it. We see it as a sort of magical cure all for all of our ails, but we take for granted that into which we put our faith. If these things somehow fail us in unexpected ways we could end up in a whole world of trouble, so we should do well to take the time to know how things work.
