Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Experts Debate Risks to Crypto



 By: Dennis Fisher
2002-03-27
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
There is a growing debate in the cryptography community over whether the cryptographic keys used in dozens of applications should be considered compromised in light of a recent paper detailing a more efficient way of factoring large numbers

There is a growing debate in the cryptography community over whether the cryptographic keys used in dozens of applications should be considered compromised in light of a recent paper detailing a more efficient way of factoring large numbers.

On one side are security and cryptography enthusiasts—professionals and amateurs alike—who believe that the technique, described in a paper published last fall by a University of Illinois-Chicago mathematician, could enable someone with enough time and money to build a machine capable of factoring keys as large as 1024 bits derived from the RSA algorithm in a relatively short amount of time. Such a breakthrough theoretically would jeopardize the security of common protocols and applications such as Pretty Good Privacy (PGP), IPSec, SSH and others, all of which are typically deployed with keys smaller than 1024 bits, these people contend.

On the other side is an equally well-informed group of crypto and security folks who acknowledge the theoretical possibility of the factoring method but believe that the machine required to perform the computations is practically impossible to build and is therefore no threat to the keys in use today.

And right in the middle is Daniel Bernstein, the associate professor of mathematics at UIC whose paper has caused all of the furor. Bernstein has stayed above the fray, but that hasnt slowed the discussion of his work one bit.

On Saturday, Marc Briceno, a longtime member of the Cypherpunks group, posted to the Bugtraq mailing list a detailed message describing how an entity such as the National Security Agency with its huge budget and unparalleled resources could build the kind of machine needed to use Bernsteins technique. Some experts have estimated that it would cost nearly $1 billion to build such a system.

"Would the NSA have built a device at less than half the cost of one of their satellites to be able to decipher interception data obtained via many such satellites? The NSA would be derelict of duty to not have done so," wrote Briceno, who is on the board of directors of the International Financial Cryptography Association and is one of the people responsible for breaking in 1998 the authentication and encryption cipher used in GSM phones.

He went on to say that he has revoked all of his 1024-bit RSA keys and considers them compromised.

But building such a machine may not be necessary. At a recent cryptography conference, Nicko van Someren, CTO of nCipher Inc., a security company based in Cambridge, U.K., announced that nCipher researchers had developed a method of factoring 512-bit RSA keys in less than six weeks using readily available computers. Keys of that length are far more common than 1024-bit or 2048-bit keys and the possibility of their being compromised is much more worrisome to many in the security community.

Even so, Bricenos post received considerable attention on several mailing lists, but some experts say hes jumping the gun and giving the NSA and its counterparts too much credit.

"[Bricenos]e-mail is alarmist, in my opinion. I dont assume that someone with a massive budget has already built this machine, because I dont believe that the machine can be built," said Bruce Schneier, a noted cryptographer and author and the CTO of Counterpane Internet Security Inc., in Cupertino, Calif., who wrote an analysis of Bernsteins paper in his Crypto-Gram email newsletter recently. "The Bernstein paper is theoretical only, and there is no reason to believe that it has any affect on practical key lengths. We have no way of knowing when the efficiencies would kick in."

Others arent so sure, however, and say that the prudent course is to assume that keys of 1024 bits and smaller are insecure.

"I think that we should assume that well funded government agencies can break 1024-bit keys on demand, rather than the previous common belief that they could break them but only with a huge amount of time and effort," van Someren said. "The implications of this for national security are clear. The implication for business is less so."



  Reader Comments: Experts Debate Risks to Crypto
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Dennis Fisher
 


x}ks㶲*Q3CO#Mɖ<։eXVi)SBR˭_zВq2D th4{$ W7-gL:9)ٟG,zI}ݻ@BeZNULrJԶnL7n[c3P/WaW᳙(,Q  tjOt0]2xԴ;k:&gek/cߨ[:`&`1ZlRl j9i?Xش$)qDñh] QQږyL6GH;*C7ܩx8ս/DeOG^b&{Bq45;^7Ww2`V~|!k`Tl}qDkMmW ؓ ۭ@x!BP#"F\ςݻHݤqؓ:IuhlUD`iRi13 LmC1k%Rը>lY}@|ݑ|Y#Xo:Q æ&q/#!_TBp`VR̳ؖ#vRA'ס"'ml_j| uvs<"s~3 jdHU 6 C p==\'DL<:/GyӝÌfؖqwh JZUQ bP);+{1{߶S;QkKB)(e*G mݹ7жD^׵vCi^w{ݳ>~j]\r m NַRߘ 0QT&*rp5ֆ$!|Бdmxq=Z.s+ЍEXn`vthQp{4ڭm= K!pI}xXSj9LP#AтMz>tT;]|2Zw9ܻ-L&wz JCˋF0P6xBe^~}¢1O[>ȁ=`Mtև &QsnPBfx?ɜk) )@FH hI#r Bг ,`@o%``P ab .<ҶBICvn<){TKh!+K@fsfh(4{~4 cbB|#'bXr`Y \h+|i)lc lԨ˶V.hXi(Ps0 =cWV+%EUC`HLæo90吶3tunsx9twO8'Â[zhd,Oc6m"/9dShƏ00UEBfѧShW(fsᠺN4S}52{B[`assSelGK4&TԬzoCp6+ s&rG|媞5jx0?3\LdFfkoД +< k1!Y/tzS\ &99IAw Uw誟F=ĿL?ͦzkTؽh@r6ҁveXZ @-ĿUi ma7k )P|M$"6XRvӱυ5ò ="Csz QIä7 kSkdQ6qoaR55 )Kۊ7V-iV9ִrX,y|-lD0(2n( 鿛R&a+\ڨ`OSwAsm0Ho=<fM\?&BXt+@%Z 0f&6X#˦>oًMIAʫ%Ufl lX.)UiH~5<2eX]2XrGmٔAutn\/HҘ!Hr M~ά!֋ӈPQ1"YOu/F5GaϗAܧ^۬v"5w.Bāh,pu-Tn\wlSIBnE)'>5 cd]Dz@4`D pHE&A|Zh y} *Ojq1-b (h bAzpSEoabIt?a1:C5z_{=2dB4]Uj{VN0aE>yL F<|˰"U` }JZYPIb+ģCYV WMUpn`wy~t=t@hCxZ &`i@%p LM{baJ)?oy6,3yZD]bRYEGvoqe(Dkpj?FMS؇Qcm/kR9Tʞ5^ߜ]hDA`! Нv;#ؐCKAk2o q>:(T7gmE{H^ac7U[@oF)MӫU4 "|>75;V`]j->r7poj-śz_EnMsU-nyFD3 =JTȍ𑿚uG "BN7xlxP@"ৣjZ)KƗɘBÜb+>A֌M:+lns0USfyr;WKU056u`=z{'q;Y vLW!SB9^%Lɹ%wA6NZPn3i`$e~(lYP;,g|6Si4DZ6sȈDrzzB*~1='y0}TJJ\ $J+A:er,×v8o 车p-6z_5ރ6 `i8~{L(}ׇ7{9EUl_~; EFh0Z< hIvNCR|I{ѽE%%{w;zdG, YG# B^ǧ Bk;d4)(3pX#ǎFD!B*.f3 T/Us>֒\zF_ɾj,49Aϐa6(F4G!ޚG8 V`!旁1dORc (ʱ=`=` fwuN .F_$BAnpkz!NU He*4Д+e3ѓ:)K5?y{lo&=)sǣAg伅)ћN[)=h[tؗ{qOKn<]1nglLcI"ɫ׺w7}\8%'+Tx|11@7Yud3D?ye11>gnR;-zc1o~=Ϥ2]a*w}o}VZtC.q@)&d/.)%/e 5 OKt1ڮ/=اHYXxlS֛12~Ok O=pԲىƓE|yg,d9a}40[ɱ=ΙdOB%wVpN Ϧv_ O%FJ-cmێ!%/hvpU4"Zy"N0 o[1΢ Im1ZQ|9N83{K4jZSWלL_lZS|  \(.FӞ _'2>Zl뎟2d]M #Qڡr(~vlm.رPJOX608~@Dk":g,)60\DbtfdAqVĒ!q#+Hf GǠ^[TاQdg3>$}0۫` 737L;Xė ),%zV; Y$uӏJ8 't{f0|@n=ELN%&`KtDE:t(oaJ]ۨ@w?KGXerK} |T&r<>vR1vd]sN Hb,A#q/.+q=VnIa%`fHn [<=p֋VGd%}h89igq:HqJRрlwk42@y|旧J@~}E}Ya2X3#Jk3. eъ VJ V<ˏW/GQpHܼI"~$g1YR ةD dPk7OwjJ$t<)n o)rKl**5PG)ѐs6VيFG/uL<`,JUgL|\ҥ+}`jїz—v ݕ*JX!凂.= %\D= P @]JxSR)R&$˓HQ[' ]ޯA!TURo2O{)c i+tHjR%W1t_~RNq4.vT-V js,s,f$ WEPO&No>I 2iᥘq`?YLxA/ 櫑t]V_{Qj G3~h*L /ԬA6H"Z$EV+ V24싗&a!>AK B2,{qL-]jzeJS0 6</czRrV̆@h$ aÂVa)t#t|: i2tXSX=`UoG|Ō@Pu1.1ꉀH:X?pMw%mf˰ř/B b[߲NSe˲ϙ`fUˈK( (d4LiRUےP\ $uqS)c[[VU) tf2,r|rWs;X߮)洑(Cvq`IyX47gy_{K{YZTC6RPHpҦf9"\;df fqt%< n[kkkkbk˻#sacҧK R&"˵.-eajXg38>G1$N7O065T2'[b/B ڒr 1-v-YV+tL>^ds^>,NBOz h [Wݒ -HE8Q3]PKxn q/(Z_Gj><ҀfK#pAp"O"HI}iwsh*Po> Lv9cA>Ӥ#k"xIGW1'@pi}iDaI2f d'b ,Xaby pַ*=/wsx/;v҃V;arPÿfş-z +3wrmDR|׸ ƿ2]'5Nsa`cSAoLP!JjΡk?0ZۘɚLHj~ж}A˽=V43 mY[`8OLŋa{OZW6e=:uJY,_eeYu糹 c~a4C2Ć]a+I錃qlrN_SXL4skxf(0J7{d/RrpBLG5>fw3hΝko0KWH'Ɨy0\ '+jӈat0Nh{8R[xv1LC17.˜HOuKǽ!fjwT608{7~kʁV=P,MY+ Z(C^PB^V’M=1Ir9ꚚrM,n @~PZ# O]c)I5ˋjAE!LjdG6 ͤ<87üa8FSYh9e`!ncbWjP]/OG,iGKZk^YR+Ȉz~btτƌGSj9椷 GgTG 2/RM`u~Ũ&9}nZbfģ Zkah;Xykj=!vc` FK.қپK%YՉ mݹ]A<5&CϢ#f 7pK9c)jy:̿{ c'?tk6٦KMµOAʥ 8I֡QD#'&U"cm䪅J~RR,Cy^)D\+UMhբ fG@VTq\k/~Xc>=SA"`ec=Hy1yRI+-ݳ K )?ՁrO}TK;TI`o3跔Bs08Ar|w\ۭ5 ( ,OX_i㽻Ԙn% DX#eNN&ؤSF;6vCWѵATJ{=EJ13EK^ayZ~\`{񽰲Oi ͬ-j%!V㬤]%F Rt3]sK?c!@$5,?_J }+6Q^_fVܞVk"l>uv.&ڰbD )m3Aw1ԇ.?Ox`pC c  Ą[)bUfwܠ~z*ڟOWe^fsB =Nl~##dM,|U:g|%w[RGlΦCNroV0!wA>po<|SPʕU+%=hpqـjcE~:tdK6ɝ>"&s'؏p{S'"΀E௥oXV{+$νOg- ~|5[>B8!ibFueO9T ƈn_faH9p=S-1Șh MQ HxD~1&gV3!"&L 6@@P0H7׳7<ۈ3:)``")^r {n"ic6lx A>uWLQXj*!b5 Aƙ;fQtZ_$R9⠋< "PV: 1C(^bJ ͍$u~[6D`6s}`EP00a|Loѧv?]f5:RLS*%ΨfldaQ(b8M u?3,a3RC´vxX->>& .ycI 8^yN4xXؘ oX1e2{xbRU+J)|U3ʰLXUKʗͲg2Vqȥ&JZ! `xZNrdhz?;IISk;fh\]]|&gkN^f ?eCyF?(d^f%e\]f_O7CtAt3U\W_\gOe{ksG௏ ?e~2A(*h&࿛ Ku1Ay#CWpz~;"9(/'R*zUK˳C(ge3Vna{Ar!Wge_/C@q}um&R+ ]Q%5-{[I2n@+ȣ_zi k{ʱyD2 s hxVydb bye?VPw;]CҤ]z.{%])W[O'ikr(%s<2g)h{U26#{":^9QUނb>| #r+⭸}exvY^][7m!ϋ9y}³2A:*k6:5Q3[ ňC?s Hz?f:xfOvHq1j|h|Z+Oj*85ߚYu8% HMԳpN08 a箩-gb 4!_ M+ 7\zќ{cnf)k$7rQӊj~JR'\+xa8 "2fDdU*.R0X\^9Q(Fuo*K0njy=q̐ga1V1;BDO"׏ 1`8Y U|y3K %aw8cokx;b(q ?,(sT[^Fl\BCVV0w,ߟS9ǤK4l&%KlŜh'bC']SOL;,O~f+g 3z4}z<(nv?Pųl1@Щ>7gB΄[6п#ނs%(M Y:՞/6[n%c"^F'B.NkuErly0gKlgXSGŻPDxaw. ]C?y_% ]ў,0Gb2 BjVԃ`wƕi1L(" 0]3&2n&zJ 1-X#LyA{=0&FӴFo"9݌ţ:aс(Yc{XnD823Oż;/9, -_ ?y.Bܖ?f }uk64tmWw-E~K5 D 9b5-k&v0Cuv4]? T|- 5\6LDR }F0~N]v0N:*? `nwf9cˎXQYɶz SO~j\O(Co݊珸66x}Ҁ O1Su .Ыvc7W EfEzi?z1]=_v{[=/'R`n)ZF#,c-ԭ<P0@~c.vz]nJQXƦa#QaW:67n MywDL\7o﹨]e#AP1W?&Il}ralX ^|޹+o3Љe;3Gajm,eH&}kqd.GDI qk,Ma4,Lb5"[]QI(`vX3|"@a)5\BLN So 3pRaL (b[и]x O!0gWP Y-f1%Dv88)ҡCCԞBJ>eS1C7@n0\|H d[\K^مu3\j9/YH~> fr*r*]xD4;NbŠbS<'\B;W?aMd|Zk/o?XY/5:G<|;Xyx8~']f(FRqO\|j8)>^tc3u㖗4NpxٔŠ6҂%!t4!ջj4ɊxY޿a(XECh⍿#014[3ˬZY$I#;ov[b$- U.ɡRv3F'e9TU>\JRSk$5WYVfTNƇ̚Z܄;66BKFslx61+