Cracks in the S.H.I.E.L.D.
In the pilot, S.H.I.E.L.D. agents eventually capture Skye, telling her they traced her by matching the "cryptographic signature" on one of her photos with other photos on a website used by political radicals.
This is possible, but has nothing to do with cryptography. Every digital camera has a unique "fingerprint," or pattern of distortion in each photograph, created by tiny misalignments in the camera's sensors. Law enforcement agencies use these "fingerprints" to match photos to cameras.
Later in the pilot episode, S.H.I.E.L.D. agents can't crack the encryption on the computers in Skye's van.
That sounds cool in theory, but in practice, it doesn't work nearly as well as you might think.
"A GPS coordinate is a poor choice of key for a few reasons," Kevin O'Brien, a security systems architect for the Waltham, Mass., cloud security company Cloudlock, told Tom's Guide.
GPS coordinates consist of two seven-digit numbers. The resulting encryption key would be only 14 digits long, not long enough to withstand a basic password-guessing, or brute-force, attack, in which a computer program quickly goes through every possible combination of characters in order to crack a password.
Guessing the encryption key would be even easier if you knew that it was based on GPS coordinates.
"Those digits are most likely going to correlate to a location nearby, since the van needs to be able to reasonably reach its decryption location," O'Brien said. "Given that, it's easy to iterate through all possible combinations of coordinates, and, by brute force, gain access."
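To put numbers on O'Brien's point, the following is an added example, not code from the article or the show. It compares the key strength of any 14-digit value with that of a position known to lie nearby, then recovers a constructed position by enumeration. The SHA-256 key derivation, the five-decimal coordinate resolution, the 50 km radius and the sample coordinates are all assumptions made for illustration.

```python
import hashlib
import math
from itertools import product

STEP_DEG = 1e-5        # assumed resolution: 5 decimals, so 42.37650 is seven digits
M_PER_DEG = 111_320.0  # approximate metres per degree of latitude

def derive_key(lat_units: int, lon_units: int) -> bytes:
    """Hypothetical scheme: key = SHA-256 of the position in 1e-5 degree units."""
    return hashlib.sha256(f"{lat_units},{lon_units}".encode()).digest()

def keyspace_bits(candidates: float) -> float:
    """Effective key strength in bits for a uniformly chosen candidate."""
    return math.log2(candidates)

def candidates_within(radius_km: float, lat_deg: float) -> int:
    """Number of grid positions inside a circle of radius_km at latitude lat_deg."""
    cell_m2 = (M_PER_DEG * STEP_DEG) ** 2 * math.cos(math.radians(lat_deg))
    return round(math.pi * (radius_km * 1000) ** 2 / cell_m2)

def search(target: bytes, lat0: int, lon0: int, half_width: int):
    """Try every cell in a square centred on (lat0, lon0); return (position, tries)."""
    span = range(-half_width, half_width + 1)
    for tries, (dlat, dlon) in enumerate(product(span, span), start=1):
        if derive_key(lat0 + dlat, lon0 + dlon) == target:
            return (lat0 + dlat, lon0 + dlon), tries
    return None, len(span) ** 2

if __name__ == "__main__":
    print(f"any 14 digits:     {keyspace_bits(10 ** 14):.1f} bits")
    near = candidates_within(50, 42.3765)  # constructed: 50 km around a sample point
    print(f"within 50 km:      {keyspace_bits(near):.1f} bits ({near:,} positions)")
    print("AES-128 for scale: 128.0 bits")
    # Constructed secret position a few hundred metres from the search centre.
    secret = (4237650 + 37, -7123560 - 12)
    found, tries = search(derive_key(*secret), 4237650, -7123560, half_width=50)
    print(f"recovered {found} after {tries:,} of {101 ** 2:,} guesses")
```

A slow key-derivation function would raise the cost of each guess, but it cannot add entropy that the coordinates themselves do not contain.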
But how would S.H.I.E.L.D. agents know to look for GPS coordinates?
"Whatever program was handling the decryption would presumably be monitoring a GPS device of some kind for the right set of coordinates," O'Brien said. "That means that I could pretty readily look for that recurring 'question' on the network or via whatever wire connected the two devices."
Technological flaws aside, using GPS coordinates as an encryption key just seems pointless, O'Brien said.
"Why bother?" he asked. "Assuming that the specific location is known to the driver, it's no more secure than having a password memorized. … Coercion can reveal where the van needs to be as effectively as it can reveal a string of letters and numbers."
O'Brien thinks Skye might be better served using a "one-time pad," which encrypts data using a new random key each time.
"Geolocation might make for a good pad [aka encryption key], if it was also time-bound," O'Brien said. "For example, 'only decrypt the data on the van if it is at exactly the right place, at exactly the right time.'"
"That way, once the van was taken away by the agents, the window of opportunity to use the pad would be lost," O'Brien said. "Highly inconvenient cryptography, but significantly more secure."