webinars



Industry Comment Research   RSS Feed

Webinars Buyers' Guide Podcasts

Related Publications Foward Features




  In partnership with:

26 November 2007

RSA standard vulnerable, says founder

John-Paul Kamath, Computer Weekly

Millions of computers running the RSA security standard to enrycpt data could be vulnerable to hacking attacks following the discovery of a flaw in a popular microprocessor by one of the RSA standard's founders.

Adi Shamir - the "S" in RSA - revealed a mathematical error which would make it possible for an attacker to break the protection of public key cryptography when used against a well-known and widely used make of microprocessor.

Mr Shamir wrote in a research note that if an intelligence organisation discovered the error in the widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message".

"Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually", said Shamir.

He wrote that the increasing complexity of modern microprocessor chips was almost certain to lead to undetected errors and that because the exact design of chips were kept as trade secrets, it would be difficult to verify how many different versions of this chip contained the error.

Using RSA, a message is encrypted using a publicly known number and then unscrambled with a secret one. The technology makes it possible to exchange information securely, and is used in secure web transactions.

An attack would require knowledge only of the flaw - initiated by inputting a mathematical error - and the ability to send a "poisoned" encrypted message to a protected computer. It would then be possible to compute the value of the secret key used by the targeted system.

Mr Shamir has said he had no evidence that anyone was using an attack of the kind he had described.

This article first appeared on the web-site of Computer Weekly, at http://www.computerweekly.com/Articles/2007/11/27/228187/rsa-standard-vulnerable-says-founder.htm. © Reed Business Information 2007.

EMC buys RSA Security for $2bn. Have they gone mad? (25 August 2006)

ISS enters Big Blue (25 August 2006)

News index



 

 
Search this Site:
Google Custom Search



Click here...