Mahendra Singh & Rajeev Deshpande report:
The Aadhaar system’s data collection and storage is strongly protected by sophisticated encryption processes to ensure biometric data does not leak either through private contractors running enrollment centres or at the central data servers that store the details.
[…]
The encryption uses highest available public key cryptography encryption (PKI-2048 and AES-256) with each data record having a built-in mechanism to detect any tampering.
Read more on The Times of India.
HA ! Your encryption is only as good as the weakest link.
If a hacker gets into some one’s system, and they are on the inside, its another sad day.
People can become pompous about a new product and crow all they want. Eventually security will lax, and the private key(s) will be easily used by someone that is unauthorized.
People who create these wonderful ideas and boldly advertise their wares through the press can, on a whim, engage a breed of researchers and hackers to take on the challenge and see if they can become the first to crack this encryption. Its only a matter of time before software is cracked, or a vulnerability is discovered which will make the software vulnerable.
Call it pessimistic, but security engineers call it a reality. To make sure this stuff works as advertised, it needs a secure foundation to run on. With the detection of unknown rootkits and malware some which have been on networks undetected for many years, this technological leap of faith is but one step thats required for the stuff to have a fighting chance.