Secrecy is the new security
McAfee's new concept sounds like an interesting idea and it's easy to imagine a device like this being popular with people who want to share files or chat anonymously.
"I cannot imagine any college student in the world not standing in line to buy one of these," McAfee said during C2SV.
McAfee claims the NSA, America's top code breaking agency, will be stymied by the new device. "The NSA won't get into it," McAfee said. "The encryption that we have developed is unique, and the NSA nor any other governmental agency has been involved."
And this is where D-Central may turn out to have some rough spots. It's too early to say what kind of encryption D-Central will have, but it certainly sounds like McAfee isn't willing to trust standard encryption algorithms that most security professionals rely on. If that's the case, McAfee and co. have probably developed a closed-source solution.
A well-known axiom in the security world is that your best bet for strong encryption is to use open code that has been placed under scrutiny by security experts over the course of many years. Closed-source solutions, on the other hand, are a bit more risky; if a hacker discovers a previously undiscovered vulnerability D-Central devices could be left wide open to attack.
Perhaps even more concerning, with closed-source solutions there's really no way to truly know whether the government has pressured a company to install a backdoor into their crypto.
As I said earlier, it's too early to know what McAfee means by a "unique" encryption solution and whether or not D-Central will be open to attack. Nevertheless, it's something to keep an eye on as the product develops—assuming of course we ever see an actual device.
Despite any potential shortcomings, however, D-Central sounds like it could be a handy tool in a world where the NSA and other world governments seem to be spying on our every online move. Now let's see if McAfee can deliver on his claims by combining ease of use with solid anonymity and security.
Sign up for Computerworld eNewsletters.