SoylentNews is people
SoylentNews
Crypto Needs More Transparency, Researchers Warn
Researchers with at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely.
The boffins also demonstrated again that 1,024-bit primes can no longer be considered secure, by publishing an attack using "special number field sieve" (SNFS) mathematics to show that an attacker could create a prime that looks secure, but isn't.
Since the research is bound to get conspiracists over-excited, it's worth noting: their paper doesn't claim that any of the cryptographic primes it mentions have been back-doored, only that they can no longer be considered secure.
"There are opaque, standardised 1024-bit and 2048-bit primes in wide use today that cannot be properly verified", the paper states.
Joshua Fried and Nadia Heninger (University of Pennsylvania) worked with Pierrick Gaudry and Emmanuel Thomé (INRIA at the University of Lorraine) on the paper, here.
They call for 2,048-bit keys to be based on "standardised primes" using published seeds, because too many crypto schemes don't provide any way to verify that the seeds aren't somehow back-doored.
NSA Could Put Undetectable "Trapdoors" in Millions of Crypto Keys
Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners.
The technique is notable because it puts a backdoor—or in the parlance of cryptographers, a "trapdoor"—in 1,024-bit keys used in the Diffie-Hellman key exchange. Diffie-Hellman significantly raises the burden on eavesdroppers because it regularly changes the encryption key protecting an ongoing communication. Attackers who are aware of the trapdoor have everything they need to decrypt Diffie-Hellman-protected communications over extended periods of time, often measured in years. Knowledgeable attackers can also forge cryptographic signatures that are based on the widely used digital signature algorithm.
As with all public key encryption, the security of the Diffie-Hellman protocol is based on number-theoretic computations involving prime numbers so large that the problems are prohibitively hard for attackers to solve. The parties are able to conceal secrets within the results of these computations. A special prime devised by the researchers, however, contains certain invisible properties that make the secret parameters unusually susceptible to discovery. The researchers were able to break one of these weakened 1,024-bit primes in slightly more than two months using an academic computing cluster of 2,000 to 3,000 CPUs.
(Score: 3, Interesting) by frojack on Tuesday October 11 2016, @11:19PM
I read it as your latter asterisked interpretation. I didn't see it as a call for publishing MORE numbers, simply pointing out that some implementations simply use standard numbers embedded in the code because its computationally cheaper.
I would think publishing a known list of easy to trap primes would make more sense.
Personally, I've just moved to larger keys of 4097 or 3072 bits, even if they are marginally slower.
No, you are mistaken. I've always had this sig.