SoylentNews is people

posted by mrpg on Saturday November 11 2017, @08:25PM
from the isn't-it-always dept.

Submitted via IRC for SoyCow1984

A crippling flaw affecting millions—and possibly hundreds of millions—of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents.

The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs.

[...] One of the scenarios Bernstein and Lange presented in Sunday's post is that serious attackers can further reduce costs by buying dedicated computer gear, possibly equipped with GPU, field programmable gate array, and application-specific integrated circuit chips, which are often better suited for the types of mathematical operations used in factorization attacks. The estimates provided by the original researchers were based on the cost of renting equipment, which isn't as cost-effective when factorizing large numbers of keys. They also noted that compromising just 10 percent of cards used in country-wide voting might be enough to tip an election.

Source: Flaw crippling millions of crypto keys is worse than first disclosed


  • (Score: 3, Interesting) by maxwell demon (1608) on Sunday November 12 2017, @02:49PM (#595904)

    No, your hypothetical bank scenario is more secure because you would have to know the birth dates of the individual's relatives. A better analogy would be for the PIN to be derived from the street address of one of the bank's branches.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 2) by choose another one (515) on Sunday November 12 2017, @09:14PM (#595993)

    Nah, street address of a branch is not memorable (most know _where_ their bank is, but not the address) and isn't immutable either, plus when the bank closes the branch your PIN becomes invalid...

    Dates-of-birth on the other hand are both immutable and discoverable with realistic searching effort using public data - pretty much like the vulnerable key primes in fact :-)

    • (Score: 2) by maxwell demon (1608) on Sunday November 12 2017, @09:21PM (#595994)

      I apparently did not get my point across: The birth date of a family member is dependent on the person. So if you do not know what person that PIN belongs to, you have no chance to guess the birth date of that person's closest relative. But in this flaw, the list of primes to be chosen from is the same for everyone. So you need to have one list and can break the keys of everyone without further research.

      And memorability doesn't matter in this analogy.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by choose another one (515) on Sunday November 12 2017, @11:36PM (#596014)

        The PIN secures against card loss, if you have the card then you have the name - it's on the card. Also if you nicked the whole wallet, you probably also have other ID information to uniquely ID the person (names are not unique, although as it happens, just the name, initial and country will do it in my case). That is one reason you aren't supposed to use your own birthday as PIN (although bizarrely my bank used to let you _reset_ online banking password/pin with just the details on the card + DOB - even the banks aren't immune to stupid :-( ).

        Anyway, seems we're all agreed that they're all dumb ideas.

        "So you need to have one list and can break the keys of everyone"

        It is still a long list to search, probably unfeasibly large for a rainbow table, so breaking everyone is not the problem. What is feasible is breaking a given vulnerable key, with people estimating the compute cost of factoring a vulnerable 2048 bit key may be $1000.