One tiny math mistake and the terrorists win?

Perhaps these cryptography experts should just hold their little egghead meetings and exchange their little egghead papers in strict privacy rather than letting their concerns leak out and scaring the rest of us regular people half to death. (Yes, I jest.)

Two days ago we learned from security expert Bruce Schneier that the government - specifically, the terrorist-fighting National Security Agency - may have left itself a secret back door in an officially sanctioned cryptographic random-number generator that would allow the good guys to easily decipher encrypted messages sent between bad guys. Of course, determining who's good and who's bad would be left to the wisdom and good faith of our government, which hasn't always demonstrated an abundance of both. And, in the meantime, every user of encryption would be left to wonder.

Yesterday it was Hall of Fame cryptographer Adi Shamir, a professor at the Weizmann Institute of Science in Israel and the "S" in RSA, sounding the alarm about a potential problem with popular computing chips: namely that a math error unknown to the chip maker but discovered by a bad guy could lead to catastrophic consequences. Now, Shamir did have the good judgment to circulate his paper detailing the risk to a small circle of peers, but that nod to discretion proved ineffective once it became known to John Markoff of The New York Times.

From Markoff's story this morning:

Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message."

Executing the attack would require only knowledge of the math flaw and the ability to send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.

With this approach, "millions of PC's can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually," Mr. Shamir wrote.

Shamir tells Markoff that he is unaware of anyone exploiting such a vulnerability and Intel says it's got this one covered.

Of course, it was Intel's math goof back in 1994 that makes all of this more than idle speculation.

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.

Google refuses "Impeach Cheney" ad.

Don't worry about holiday airport delays: The government has a plan.

This year's "25 Geekiest 25th Anniversaries."

When the patient is a Googler and the doctor is a pompous jerk.

10 reasons you shouldn't believe in UFOs.

Does NSA have a secret backdoor to cryptographic random-number generator?

FiOS stands for Fire is Our Speciality: latest in the continuing saga.

Cell phone jamming on the rise.

NY denies "E-Z Pass speed trap" coming.

Researchers turn to xkcd for direction.

Federal "fix" knocks ca.gov for a loop

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies