SAN FRANCISCO -- Some of the most stalwart cryptography systems are beginning to buckle as research teams uncover ways to break them, according to a panel of cryptography experts who weighed in on a variety
Research teams over the last year have found theoretical ways to crack some of the most widely used crypto systems, which protect communications on the Internet and in a variety of devices, such as routers and VPNs. However, while the problems are varied, they are not something to lose sleep over, said Adi Shamir, a noted cryptographer and professor at the Weizmann Institute of Science in Israel.
New research papers have demonstrated ways to theoretically break the AES 128-bit encryption algorithm, which was adopted by NIST in 2001. Its Russian alternative, the DES 256-bit GOST encryption algorithm, was also broken. Meanwhile, a new research paper recently highlighted the problem of shoddy implementations of random RSA public key number generators in embedded systems.
“It’s a long way from being practically broken, but it shows that even the best crypto systems show some signs of wear and tear,” Shamir said.
The popular Cryptographer’s Panel, which included Shamir and other noted crypto experts Whitfield Diffie and Ronald Rivest, concluded that while the cryptosystems have remained unbroken for years, the research teams are doing critical work by testing their limits.
The research into AES 128, which was published last summer, demonstrated theoretical weaknesses, but the task of breaking the encryption method is extremely difficult. The work is significant, Shamir said, but actually carrying out an attack is so complex that it is not practical. Other research papers about AES weaknesses, published in 2009, are also very complex to carry out.
Both Whitfield and Rivest praised the paper on random RSA public key number generators, but said that as a practical matter, the issue it highlights is not a serious problem. “If you manufacture your keying generation material correctly … this is simply not going to happen to you,” Whitfield said.
Meanwhile, Rivest, who was part of the team that discovered the RSA algorithm in the 1970s, said that instead of having almost perfect random number generators, it might make more sense to build more fallible system components. According to the paper, an improperly implemented random key generator would produce four out of every 1,000 keys that provide no security.
More attention needs to be placed on securing embedded devices, the kinds of systems that control traffic signals and other processes most people take for granted, said Stefan Savage, a member of the RSA panel who gained notoriety last year when he led a team at the University of California, San Diego and the University of Washington in remotely hacking a vehicle and taking over nearly all of its functions. “Just about everything today is a distributed system, but not enough research is being done in this area,” Savage said.
View all of our RSA 2012 Conference coverage.