Why preventing cyber attacks is so difficult
RE: Worldwide attack demands collaboration (May 16)
I am writing to present facts about computer science that are probably unknown to the general public, to help people understand that preventing cyber attacks like WannaCry is extremely difficult.
As I understand it, WannaCry was an exploit attack. An exploit is a flaw in a program which can allow malicious interference. Not every flaw is an exploit, but it is nearly impossible to guarantee that a piece of software is flawless. The way that programmers typically search for flaws in software is by testing it. If you give a piece of software an input and it doesn’t produce the desired output, the software has a flaw. The problem is that the number of possible inputs for any given piece of software is two to the exponent of the number of bits of input.
Let’s say your program input is eight characters long. One character is eight bits, so that’s 64 bits of input. Even if you wrote a program to test this program one thousand times per second, it would still take around 584 million years to exhaustively check every possible input!
A quarter of a tweet has a thousand times as many possible input states as the number of atoms in the observable universe.
This is what computer scientists refer to as the “state explosion problem,” and it’s a problem that can be mitigated in a number of clever ways, but it has not been solved.
Nicholas Moore, Hamilton