The Whedons did their homework
"Agents of S.H.I.E.L.D.," the ABC television spinoff of the hugely popular Marvel superhero movies, premiered on Tuesday (Sept. 24).
The show had plenty to be excited about: writer/producer Joss Whedon's signature snarky dialogue, a brief appearance by "Avengers" star Cobie Smulders as Agent Maria Hill and shout-outs to the rest of the Marvel film universe, such as the "Extremis" medical condition that grants people superpowers, but makes them dangerously unstable, as featured in "Iron Man 3."
Any information-security experts watching the "Agents of S.H.I.E.L.D." premiere might have been excited to see that the show also made many mentions of encryption.
Sometimes the show got encryption right. Other times, not so much.
RSA and AES encryption
Early on in the episode, Agent Coulson (Clark Gregg) mentions that a hacktivist named Skye (Chloe Bennet) "hacked our RSA implementation."
The show got this terminology correct. The RSA encryption algorithm pops up all over the security field. It’s named after Ron Rivest, Adi Shamir and Leonard Adleman, the three cryptographers who invented the algorithm in 1977, and it's used for what is called public-key cryptography.
All encryption takes readable data, or "plain text," and scrambles it with a string of seemingly random numbers and/or letters called a key. Think of the scrambled result as a lockbox, and the key as what unlocks it.
But how do you share that key with the people you want to secretly communicate with, while keeping the key from everyone else?
That's where encryption algorithms like RSA come in. RSA uses two very long keys, called the "public key" and the "private key." Any information encrypted with a given public key can only be decrypted by the corresponding private key.
A person can freely share his or her public key, while keeping the private key safely hidden. That way, other people sending him or her secret messages can be confident that the messages can be read by only the intended recipient.
If Agent Coulson wanted to send a secret message to Agent May (played by Ming-Na Wen), he would encrypt his message using her public key, so that only May would be able to decrypt and read it.
To respond, May would then encrypt her own secret message using Coulson's public key.
The very phrasing of Coulson's line, "hacked our RSA implementation," also shows that the writers of "Agents of S.H.I.E.LD." did some research.
It would have been ridiculous for Skye to hack the RSA algorithm itself. It's been public for years and has withstood extensive testing.
"Trust the math," encryption expert Bruce Schneier told The Guardian when asked about the National Security Agency's capabilities against encryption.
But it's still possible to crack specific implementations, or uses in a given piece of software, of an encryption algorithm. By specifying that Skye hacked S.H.I.E.L.D.'s RSA implementation, Coulson admits Skye found a tiny software flaw that the agency's specialists had missed.
Later, a character mentions another type of encryption called "AES." This refers to the Advanced Encryption Standard, a U.S. governmental specification for how to use a Belgian encryption algorithm called Rijndael.
The show's mentions of RSA and AES were right on the money as far as real-life cryptography is concerned. However, other parts of the show may have had crypto geeks rolling their eyes.