Blog of Sara Jakša

How Encryption Annoyed Me Today

I am currently making an app to research experience. I am very toward the end of making the first version, which will go into the testing. I expect a lot of things to go wrong. This is going to be a very new experience for me.

Well, one of the things that went wrong with the previous version a couple of years ago was, that the whole experience data was collected in plain text on the server. Where it would be a easy target for hackers to get. Maybe this was alright in 2015 (at least that is how it was presented to me), but since then we had the whole Cambridge Analytica and their involvement in Trump election and Brexit vote, so not something that we want to deal with in 2019.

They have the whole strategy, how they are going to protect the privacy of the people now. The problem is, that their part is not ready yet. So until it will be ready, the data would be send by email. Not exactly a good alternative. Unless the data would be encrypted.

So in the recent days I got the idea. Why not use some kind of public-private keys for encryption. This should work. So I went, realized that a lot of people talk abut the RSA and decided to try and implement this in the app.

Almost a whole day later, I finally got the app to send the encrypted file this way. The problem was, that the content of the file was too big to be able to decrypt it. Apparently there is a size limit, based on how long the key is? Well, since these things can go quite large, this was almost a whole day spend on the way that would not work.

So we are back on the AES encryption and researchers and the participants in research exchanging the passwords in person. Quite more work. The other alternative would be to encrypt the key with public key, but this one I was not sure, if I am capable enough to explain in order for them to understand. Since it is a short-term solution, I guess it would work. And I hope whatever solution they will come with, it will not take too long.

Well, as long they are not like some people that I know, who are sending their passwords to other people in Facebook messenger. Yes, I have seen this happen in person.

But the lesson for today way, RSA can only be used for short messages. Good to know for next time.