RSA Brushes Off Crypto Research Findings
Added 17th Feb 2012
After having its flagship RSA crypto system called flawed this week by prominent researchers in a paper they made available online, EMC's RSA security division struck back by saying the paper's results don't indicate a fundamental flaw in the RSA algorithm but more likely a problem with implementing it.
"On Feb. 14th, a research paper was submitted for publication stating that an alleged flaw has been found in the RSA encryption algorithm," RSA said Thursday in a statement. "Our analysis confirms to us that the data does not point to a flaw in the algorithm, but instead points to the importance of proper implementation, especially regarding the exploding number of embedded devices that are connected to the Internet today."
Ari Juels, chief scientist for RSA, told Network World that "the study is useful" as it pertains to the "failures of crypto protocols during random-number generation." But he faults its core idea that the RSA algorithm is somehow fundamentally flawed.
"I'd say all cryptography relies on good true random-number generation. And when that goes wrong, the protocol breaks," Juels says. He faults the conclusions of the paper that there was something intrinsically wrong with the RSA algorithm. The paper might have found that the RSA algorithm "might be a little less robust than another one," but "it's obviously not a problem with the RSA algorithm, it's the way the keys were generated."
He said this is not an issue that goes unrecognized today in industry, and Intel is in fact building a fast random-number generator in its upcoming Ivy Bridge chip.
RSA was not apprised of the paper before it appeared online.
In its formal statement, RSA did not dispute specifics in the paper, which was authored by Arjen Lenstra, James Hughes, Maxime Augier, Joppe Bos, Thorsten Kleinjung and Christophe Wachter. The paper examined the security of millions of public X.509 certificates that the authors collected across the web. Based on the data they collected, they concluded "1,024-bit RSA provides 99.8% security at best."
The research group of cryptographers said they collected 6.4 million distinct X.509 certificates and PGP keys containing RSA moduli, and in analyzing their enormous cache, found duplicate RSA-moduli keys about 1% of the time.
"More seriously, we stumbled upon 12,720 different 1,024-bit RSA moduli that offer no security," the researchers said in their paper, which is titled "Ron was wrong, Whit was right," a reference to Ron Rivest, co-inventor of the RSA algorithm, and noted cryptographer Whitfield Diffie. The paper leveled a devastating critique against RSA as fundamentally flawed.
In its retort against the researchers' paper, RSA said, "We welcome this form of research" because it "contributes to better overall security for everyone," but emphasized "the RSA algorithm has withstood such scrutiny for decades from multiple sources."
RSA went on to say good cryptography "depends on proper implementation. True random-number generation underpins nearly all cryptographic algorithms and protocols, and must be performed with care against the weakening of well-designed cryptography. Our analysis points to the need for better care in implementation, generally tied to embedded devices. We see no fundamental flaw in the algorithm itself, and urge all cryptography users to ensure good implementation and best practices are followed."
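An added illustration, not from the article or the paper, of why a key-generation failure rather than the algorithm is what breaks such keys: toy-sized RSA moduli are produced under an assumed entropy-starved model (a device draws p with only a few bits of boot entropy and gains unique entropy before drawing q), and a pairwise-gcd audit over the public moduli alone reveals which keys share a prime and which are exact duplicates. The functions `entropy_starved_modulus` and `audit_moduli` are constructed for this demo.

```python
import math
import random
from itertools import combinations

def is_probable_prime(n, rounds=16):
    """Miller-Rabin for odd n > 3 (the only candidates random_prime produces)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):
    """Search for a prime using only the supplied generator."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def entropy_starved_modulus(device_id, bits, entropy_bits):
    """Assumed model of a weak key generator: at boot the device holds only
    `entropy_bits` of entropy when it draws p, then gains device-unique
    entropy before drawing q.  Devices that boot into the same state share p."""
    p = random_prime(bits // 2, random.Random(device_id % (1 << entropy_bits)))
    q = random_prime(bits // 2, random.Random(f"device-{device_id}"))
    return p * q

def audit_moduli(moduli):
    """Pairwise-gcd audit over public moduli only.  Returns
    ({index: (p, q)} for moduli factored via a shared prime, [(i, j)] duplicates)."""
    factored, duplicates = {}, []
    for (i, n1), (j, n2) in combinations(enumerate(moduli), 2):
        g = math.gcd(n1, n2)
        if n1 == n2:
            duplicates.append((i, j))
        elif g > 1:            # common prime: both private keys are recoverable
            factored.setdefault(i, (g, n1 // g))
            factored.setdefault(j, (g, n2 // g))
    return factored, duplicates
```

With 8 devices and 2 bits of boot entropy every modulus is flagged; with 64 bits none is, although the algorithm and key size are identical in both runs.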
RSA also received some measure of support from noted security researcher Dan Kaminsky, who on Thursday posted a blog entry about the crypto controversy.
Lenstra and Hughes are prominent cryptographers, and Kaminsky says they did "excellent survey work," which in total covered 11.7 million public keys. But he basically rejected the fundamental thesis of their paper.
"[T]here's just no way we get from this survey work, to the thesis that surrounds it," writes Kaminsky in his blog. He argues that "On the basic level, risk in cryptography is utterly dominated, not by cipher selection, but by key management. The study found 12,720 public keys. It also found approximately 2.94 million expired certificates. And while the study didn't discuss the number of certificates that had no reason to be trusted in the first place (being self signed) it did find 5.4 million PGP keys."
Kaminsky goes on to say much more, including, "What the data from the survey says, unambiguously, is that most keys on the Internet today have no provenance that can be trusted, not even through whatever value the CA [certificate authority] system affords. Key Management - as Whit Diffie himself has said - is the hard problem now for cryptography."
Kaminsky also observes, "This is a paper based on survey work, in which empirically validated existence of an implementation flaw (12,720 crackable keys) is being used to justify a design bias (don't use a multi-secret algorithm). The argument is that multi-secret algorithms cause crackable public keys."
Kaminsky indicated he doesn't buy the conclusions made in the crypto researchers' paper. "I don't mean to be too hard on this paper, which again, has some excellent data and analysis inside. I've been strongly advocating for the collection of data in security, as I think we operate more on assumption and rumor than we'd like to admit. The flip side is that we must take care not to fit our data to those assumptions."