Network World

Paul McNamara

One tiny math mistake and the terrorists win?

By Paul McNamara on Sat, 11/17/07 - 6:05am.

Perhaps these cryptography experts should just hold their little egghead meetings and exchange their little egghead papers in strict privacy rather than letting their concerns leak out and scaring the rest of us regular people half to death. (Yes, I jest.)

Two days ago we learned from security expert Bruce Schneier that the government - specifically, the terrorist-fighting National Security Agency - may have left itself a secret back door in an officially sanctioned cryptographic random-number generator that would allow the good guys to easily decipher encrypted messages sent between bad guys. Of course, determining who's good and who's bad would be left to the wisdom and good faith of our government, which hasn't always demonstrated an abundance of both. And, in the meantime, every user of encryption would be left to wonder.

Yesterday it was Hall of Fame cryptographer Adi Shamir, a professor at the Weizmann Institute of Science in Israel and the "S" in RSA, sounding the alarm about a potential problem with popular computing chips: namely that a math error unknown to the chip maker but discovered by a bad guy could lead to catastrophic consequences. Now, Shamir did have the good judgment to circulate his paper detailing the risk to a small circle of peers, but that nod to discretion proved ineffective once it became known to John Markoff of The New York Times.

From Markoff's story this morning:

Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message."

Executing the attack would require only knowledge of the math flaw and the ability to send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.

With this approach, "millions of PC's can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually," Mr. Shamir wrote.

Shamir tells Markoff that he is unaware of anyone exploiting such a vulnerability and Intel says it's got this one covered.

Of course, it was Intel's math goof back in 1994 that makes all of this more than idle speculation.
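To make the scenario in Markoff's summary concrete, here is an added example (not from the post, Shamir's paper or any vendor) in Python: an RSA-CRT decryption running on a simulated chip whose multiplier is wrong for exactly one operand pair, so only a message that happens to hit that pair produces a faulty result, together with the consistency check a defender adds so that a faulty result is never released. The toy key, the fault model and every function name are constructed for this illustration.

```python
# Added example, not from the post or Shamir's paper: RSA-CRT decryption on a
# simulated chip whose multiplier fails for ONE operand pair, plus the check
# that stops such a result from leaving the device. All values are constructed.

P = 2**31 - 1                        # toy key from two Mersenne primes
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)                 # CRT recombination constant

class FaultyArithmetic(Exception):
    pass                             # CRT result failed its consistency check

def mulmod(a, b, m, buggy_pair=None):
    """Modular multiply with a silent 'hardware bug': for exactly one operand
    pair the product is off by one (an undocumented math error in the CPU)."""
    prod = a * b
    if buggy_pair is not None and (a, b) == buggy_pair:
        prod += 1
    return prod % m

def recombination_operands(c):
    """Operands the CRT recombination step hands the multiplier for c; used
    here only to place the simulated bug where this ciphertext exercises it."""
    mp, mq = pow(c % P, DP, P), pow(c % Q, DQ, Q)
    return QINV, (mp - mq) % P

def crt_decrypt(c, buggy_pair=None):
    """Garner-style CRT decryption; the final multiply goes through mulmod."""
    mp, mq = pow(c % P, DP, P), pow(c % Q, DQ, Q)
    h = mulmod(QINV, (mp - mq) % P, P, buggy_pair)
    return mq + h * Q                # correct mod Q, wrong mod P if the bug fired

def decrypt_checked(c, buggy_pair=None):
    """Defender's check: re-encrypt with the public exponent before release.
    A faulty CRT output never satisfies pow(m, E, N) == c, so it is withheld."""
    m = crt_decrypt(c, buggy_pair)
    if pow(m, E, N) != c:
        raise FaultyArithmetic("CRT result failed verification; withheld")
    return m

def demo(m=123456789):
    """(correct chip decrypts ok, buggy chip is silently wrong, check catches it)"""
    c = pow(m, E, N)
    bug = recombination_operands(c)  # chip that misfires on exactly this message
    try:
        decrypt_checked(c, bug)
        caught = False
    except FaultyArithmetic:
        caught = True
    return crt_decrypt(c) == m, crt_decrypt(c, bug) != m, caught
```

The verification costs one public-exponent exponentiation per decryption, which is why it is the usual countermeasure against single-fault attacks on CRT implementations.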

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.

Google refuses "Impeach Cheney" ad.

Don't worry about holiday airport delays: The government has a plan.

This year's "25 Geekiest 25th Anniversaries."

When the patient is a Googler and the doctor is a pompous jerk.

10 reasons you shouldn't believe in UFOs.

Does NSA have a secret backdoor to cryptographic random-number generator?

FiOS stands for Fire is Our Speciality: latest in the continuing saga.

Cell phone jamming on the rise.

NY denies "E-Z Pass speed trap" coming.

Researchers turn to xkcd for direction.

Federal "fix" knocks ca.gov for a loop

Oh, please. Check your facts before you post.

It's called the "National Security Administration" (not the National Safety Administration), and it's not fighting terrorism: its primary purpose is to protect the USA's communication channels and decrypt the (encrypted) communications of other nations and/or terrorist groups.

Oh, please. Check your facts before you comment.

Personally, I thought it was the National Security Agency.

Sorry for knocking your high horse.

Haha

pwned, you typo bitchin bitches..

I think it's 4 real

RSA was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT. In fact, in addition to RSA, Shamir's other numerous inventions and contributions to cryptography include the Shamir secret sharing scheme, the breaking of the Merkle-Hellman cryptosystem, visual cryptography, and the TWIRL and TWINKLE factoring devices. Together with Eli Biham, he discovered differential cryptanalysis, a general method for attacking block ciphers. (It later emerged that differential cryptanalysis was already known — and kept a secret — by both IBM and the NSA.)
Shamir has also made contributions to computer science outside of cryptography, such as showing the equivalence of the complexity classes PSPACE and IP.
You think this man doesn't know a bit about cryptography?
Do you remember "birthday attack"?
Let me remember it:
In a group of 23 (or more) randomly chosen people, there is more than 50% probability that any pair of them will have the same birthday. For 57 or more people, the probability is more than 99%, although it cannot be exactly 100% unless there are at least 366 people in that group.
Something similar, as a finality, has been found today, and the implications are even greater.
Just think again.

Birthday probability

The probability in question is that there will be at least two persons having the same birthday month and day, not "that any pair of them will have the same birthday." The probability of any pair having the same birthday is quite different.

It's agency

My bad. Been fixed. Thanks.

One tricky bit..

One tricky bit of this: I would expect that if a given chip (or even architecture) had a math flaw, it would cause portability problems. That is, I would think that in general, even if AMD and Intel CPUs both had the flaw, people would try running the app on PowerPC, PA-RISC, SPARC, or (perhaps more likely, due to widespread use in cell phones etc.) ARM or MIPS, and find that messages either can't be decrypted or the messages encrypted are unintelligible on the AMD/Intel desktop.

Of course, if the flaw is designed or exploitable so it only kicks in with a *specific* key or two...
