posted by martyb on Tuesday July 09 2019, @06:46PM
from the it's-complicated dept.

Researcher Ben Perez has written that it is time to stop using RSA[*] encryption. He goes into some of the problems with the algorithm and its supporting code bases, how bad they are, some of the mitigations, and then explains his conclusion. Curve25519 is being recommended instead.

RSA was an important milestone in the development of secure communications, but the last two decades of cryptographic research have rendered it obsolete. Elliptic curve algorithms for both key exchange and digital signatures were standardized back in 2005 and have since been integrated into intuitive and misuse-resistant libraries like libsodium. The fact that RSA is still in widespread use today indicates both a failure on the part of cryptographers for not adequately articulating the risks inherent in RSA, and also on the part of developers for overestimating their ability to deploy it successfully.

The security community needs to start thinking about this as a herd-immunity problem—while some of us might be able to navigate the extraordinarily dangerous process of setting up or implementing RSA, the exceptions signal to developers that it is in some way still advisable to use RSA. Despite the many caveats and warnings on StackExchange and Github READMEs, very few people believe that they are the ones who will mess up RSA, and so they proceed with reckless abandon. Ultimately, users will pay for this. This is why we all need to agree that it is flat out unacceptable to use RSA in 2019. No exceptions.

[*] RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret (private). In RSA, this asymmetry is based on the practical difficulty of the factorization of the product of two large prime numbers, the "factoring problem". The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1977.
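To make the asymmetry described above concrete, here is an added example (not code from the article or from Ben Perez's post) of textbook RSA with toy-sized primes: the public key is (n, e), the private exponent d is derived from the two primes, and anyone who can factor n can rebuild d. The primes 1000003 and 1000033 are constructed sample values chosen so that trial division finishes instantly; the same step is infeasible for the key sizes in real use.

```python
# Added example: textbook RSA with toy primes, showing why the private key
# is only as secret as the factorization of n. No padding, no real key
# sizes; this is the mathematics behind the definition, not a usable library.
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Build an RSA key pair from two odd primes p and q (assumed prime)."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    assert gcd(e, phi) == 1, "e must be invertible modulo phi(n)"
    d = pow(e, -1, phi)              # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def factor_by_trial_division(n):
    """Recover p and q from an odd toy modulus; feasible only because n is tiny."""
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no factor found")


def private_key_from_factors(pub):
    """The trapdoor in reverse: factoring n yields phi(n) and hence d."""
    n, e = pub
    p, q = factor_by_trial_division(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen(1000003, 1000033)      # constructed 20-bit primes
    c = rsa_encrypt(pub, 123456789)
    print(rsa_decrypt(priv, c))                    # 123456789
    print(private_key_from_factors(pub) == priv)   # True: toy n factors at once
```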

However, many systems and hardware tokens are still hardcoded for RSA. So upgrading is not as easy a task as it could be.

Where have you been able to migrate from RSA? Where have there been obstacles?

Earlier on SN:
Mathematicians Seal Backdoor to Breaking RSA Encryption (2018)
Upgrade Your SSH Keys (2016)
512-bit RSA Keys Cracked in Four Hours for only $75 (2015)
NSA and RSA - Claims of More Evidence (2014)


  • (Score: 3, Interesting) by stormwyrm (717) on Wednesday July 10 2019, @08:43AM (#865317)

    I did a little bit of research on what exactly seems to be the skinny with RSA and elliptic curve cryptography, and came across a very interesting article [iacr.org] by none other than Neal Koblitz and Alfred J. Menezes, Koblitz being one of the two people credited with inventing elliptic curve cryptography in the 1980s. In 2015, the NSA released a statement [archive.org] that showed that due to concerns about advances in quantum computers they were not recommending that people make the transition to use of ECC-based cryptosystems:

    Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, which has made it clear that elliptic curve cryptography is not the long term solution many once hoped it would be. Thus, we have been obligated to update our strategy.

    Koblitz and Menezes speculate as to the true reasons for the NSA's sudden change after energetically pushing ECC for years before then. My vote is on the sixth possibility they present (5.6), that the NSA has a political need to distance itself from ECC. They lost a lot of trust and credibility by pushing the infamous Dual_EC_DRBG kleptographic system, and they anticipated that anything further that they tried to say about ECC standards would be tainted by the same mistrust. We can see exactly that in the many reactions to this article.

    --
    Numquam ponenda est pluralitas sine necessitate.