From the Oxford English Dictionary online:
cybersecurity n. – security relating to computer systems or the Internet, esp. that intended to protect against viruses or fraud.
Protecting yourself is hard. Nothing we do in the real world is ever perfectly safe and secure, and yet for some reason people expect that when information has been digitized, it should be safe. Maybe the thought is that if you can’t see what happens to your credit card information when you buy things online, then no one else can either. Wireless internet is almost like magic – you type things into your computer, click a button, and poof! The information just sort of whizzes through the air from your computer to someone else’s computer! Look, ma, no strings!
Obviously not, but that’s the way most of us treat digital information. Since we don’t see what happens to it, we think that no one else can.
There have always been hackers. There will always be hackers. There are measures we can take to protect our personal information, and they are pretty good. They are not, however, perfect. MD5, designed in 1991 by Ron Rivest, was one of the most widely used cryptographic hash functions. A flaw was discovered in 1996, and then in 2004, further analysis revealed that it was much less collision-resistant than previously thought. A weakness has also been discovered in SHA1, the other widely used cryptographic hash function. Because of this, these hash functions are being phased out of use (MD5 is no longer used for protocols like digital signatures, which rely on collisions being hard to find), and will be replaced with a similar function, SHA2. Currently, the National Institute of Standards and Technology is in the middle of selecting a new hash function (SHA3) that will replace SHA2 if – or really, when – its weaknesses are discovered. Similarly, AES (having replaced Triple-DES, which replaced DES) will eventually need to be replaced as its weaknesses are revealed and exploited.
Ultimately, there is no perfect technological solution to cybersecurity: we can implement all the provably correct programs we want, but this will not protect us from people standing behind us as we enter our private information. Even so, this doesn’t mean we can’t do anything. Just because someone might take a sledgehammer to your door doesn’t mean you shouldn’t lock it – there is no reason to grant people easy access to your belongings, whether physical or digital. Just because we can find strings that produce collisions doesn’t mean that it’s easy to find a collision for a specific string. Security (read, “cryptographic”) measures exist. Use them. Don’t be stupid. Sometimes bad things happen. Remember that secrecy does not equal security. And enable HTTPS on Gmail, lest Brad read your chat logs.
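The gap between "some collision" and "a collision for a specific string" can be measured on a toy hash. The following is an added example, not from the original post: it truncates SHA-256 to 16 bits (an assumed stand-in for a weak hash; the function names and sample messages are constructed) and counts the hash evaluations each brute-force search needs.

```python
import hashlib

BITS = 16  # toy digest size (assumption): small enough that both searches finish quickly

def h(msg: bytes) -> int:
    """SHA-256 truncated to BITS bits, standing in for a weak hash."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - BITS)

def find_collision(prefix: bytes):
    """Find ANY two distinct messages with equal digests (birthday search)."""
    seen = {}
    tries = 0
    while True:  # pigeonhole: guaranteed to stop within 2**BITS + 1 tries
        msg = prefix + str(tries).encode()
        tries += 1
        d = h(msg)
        if d in seen:
            return seen[d], msg, tries
        seen[d] = msg

def find_second_preimage(target: bytes, max_tries: int = 1 << 22):
    """Find a different message matching the digest of ONE specific message."""
    want = h(target)
    for tries in range(1, max_tries + 1):
        msg = b"guess-" + str(tries).encode()
        if msg != target and h(msg) == want:
            return msg, tries
    return None, max_tries

def compare(trials: int = 8):
    """Total hash evaluations for each kind of search over several inputs."""
    c_total = s_total = 0
    for i in range(trials):
        a, b, n = find_collision(b"run%d-" % i)
        assert a != b and h(a) == h(b)
        c_total += n
        target = b"pay %d dollars to alice" % (i + 1)  # constructed sample message
        m, n = find_second_preimage(target)
        assert m is not None and h(m) == h(target)
        s_total += n
    return c_total, s_total

if __name__ == "__main__":
    c, s = compare()
    print(f"any collision: {c} hashes; collision for a specific string: {s} hashes")
    print(f"expected per search: about 2^{BITS // 2} versus about 2^{BITS}")
```

For an n-bit digest the first search costs on the order of 2^(n/2) evaluations and the second on the order of 2^n, which is why a hash can be retired from digital signatures while matching a given file's digest remains out of reach.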