RSA Brushes Off Crypto Research FindingsAdded 17th Feb 2012
After having its flagship RSA crypto system called flawed this week by prominent researchers in a paper they made available online, EMC's RSA security division struck back by saying the paper's results don't indicate a fundamental flaw in the RSA algorithm but more likely a problem with implementing it.
"On Feb. 14th, a research paper was submitted for publication stating that an alleged flaw has been found in the RSA encryption algorithm," RSA said Thursday in a statement. "Our analysis confirms to us that the data does not point to a flaw in the algorithm, but instead points to the importance of proper implementation, especially regarding the exploding number of embedded devices that are connected to the Internet today."
Ari Juels, chief scientist for RSA, told Network World that "the study is useful" as it pertains to the "failures of crypto protocols during random-number generation." But he faults its core idea that the RSA algorithm is somehow fundamentally flawed.
"I'd say all cryptography relies on good true random-number generation. And when that goes wrong, the protocol breaks," Juels says. He faults the conclusions of the paper that there was something intrinsically wrong with the RSA algorithm. The paper might have found that the RSA algorithm "might be a little less robust than another one," but "it's obviously not a problem with the RSA algorithm, it's the way the keys were generated."
He said this is not an issue that goes unrecognized today in industry, and Intel is in fact building a fast random-number generator in its upcoming Ivy Bridge chip.
RSA was not apprised of the paper before it appeared online.
In its formal statement, RSA did not dispute specifics in the paper, which was authored by Arjen Lenstra, James Hughes, Maxime Augier, Joppe Bos, Thorsten Kleinjung and Christophe Wachter. The paper sought to look at the security tied to millions of public X.509 certificates that they collected across the web. Based on the data they collected, they concluded "1,024-bit RSA provides 99.8% security at best."
The research group of cryptographers said they collected 6.4 million distinct X.509 certificates and PGP keys containing RSA moduli, and in analyzing their enormous cache, found duplicate RSA-moduli keys about 1% of the time.
"More seriously, we stumbled upon 12,720 different 1,024-bit RSA moduli that offer no security," the researchers said in their paper, which is titled "Ron was wrong, Whit was right" a reference to Ron Rivest, co-inventor of the RSA algorithm, and noted cryptographer Whitfield Diffie. The paper leveled a devastating critique against RSA as fundamentally flawed.
In its retort against the researchers' paper, RSA said, "We welcome this form of research" because it "contributes to better overall security for everyone," but emphasized "the RSA algorithm has withstood such scrutiny for decades from multiple sources."
RSA went on to say good cryptography "depends on proper implementation. True random-number generation underpins nearly all cryptographic algorithms and protocols, and must be performed with care against the weakening of well-designed cryptography. Our analysis points to the need for better care in implementation, generally tied to embedded devices. We see no fundamental flaw in the algorithm itself, and urge all cryptography users to ensure good implementation and best practices are followed."
RSA also received some measure of support from noted security researcher Dan Kaminsky who Thursday posted a blog about the crypto controversy.
Lenstra and Hughes are prominent cryptographers, and Kaminsky says he considered they had done "excellent survey work" which in total included a look at 11.7 million public keys. But he basically rejected the fundamental thesis of their paper.
"[T]here's just no way we get from this survey work, to the thesis that surrounds it," writes Kaminsky in his blog. He argues that "On the basic level, risk in cryptography is utterly dominated, not by cipher selection, but by key management. The study found 12,720 public keys. It also found approximately 2.94 million expired certificates. And while the study didn't discuss the number of certificates that had no reason to be trusted in the first place (being self signed) it did find 5.4 million PGP keys."
Kaminsky goes on to say much more, including, "What the data from the survey says, unambiguously, is that most keys on the Internet today have no provenance that can be trusted, not even through whatever value the CA [certificate authority] system affords. Key Management - as Whit Diffie himself has said - is the hard problem now for cryptography."
Kaminsky also observes, "This is a paper based on survey work, in which empirically validated existence of an implementation flaw (12,720 crackable keys) is being used to justify a design bias (don't use a multi-secret algorithm). The argument is that multi-secret algorithms cause crackable public keys."
Kaminsky indicated he doesn't buy the conclusions made in the crypto researchers' paper. "I don't mean to be too hard on this paper, which again, has some excellent data and analysis inside. I've been strongly advocating for the collection of data in security, as I think we operate more on assumption and rumor than we'd like to admit. The flip side is that we must take care not to fit our data to those assumptions."
Riverbed Technology has released a rebranded SteelFusion line of storage appliances, signaling its intention to further centralize its branch office lines and combine as much functionality as possible into a single device.
Red Hat is looking to advance the Docker Linux container application for wider enterprise use.
In a surprise announcement, enterprise asset intelligence company Zebra Technologies said it is acquiring Motorola's Enterprise business for US$3.45 billion in an all-cash transaction.
Microsoft may have ended support for Windows XP, but free antivirus software vendor Avast projects that for millions of users, that won't mean squat.
Microsoft is targeting the growing volume of data being generated by both machines and humans: CEO Satya Nadella on Tuesday showed off tools that could help organizations better understand -- and profit from -- this trove of information.
SAP user groups are stepping up pressure on the vendor over the fees charged for its user-friendly Fiori applications, saying they should be included as part of the substantial annual maintenance costs customers already pay.
Intel is trying desperately to grow its share of the tablet market, and with Windows flunking out on those devices, Android is where it's at.
VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.
In the race to protect themselves from the Heartbleed vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.
The operator of an independent website aimed at helping users of J.D. Edwards enterprise resource planning software has shut it down after Oracle alleged the site infringed on its copyrights.
Big data analytics are driving rapid growth for public cloud computing vendors with revenues for the top 50 public cloud providers shooting up 47% in the fourth quarter last year to $6.2 billion, according to Technology Business Review Inc.
Microsoft is updating its Web-based Office Online suite, narrowing the features gap with the main Office 365 and Office 2013 suites installed on users' devices.
While almost all of the attention has centered on patching Web servers and advising users to change their passwords, security researchers have discovered that individual client PCs and devices are also at risk thanks to "Reverse Heartbleed."
McAfee has released a free 'Heartbleed checker' to help internet users easily gauge their susceptibility to the Heartbleed Bug.
Akamai Technologies, whose network handles up to 30 percent of all Internet traffic, said that a researcher found a fault in custom code that the company thought shielded most of its customers from the Heartbleed bug.