
Communications of the ACM

ACM TechNews

Lessons About RSA Key Security



Purdue University professor Eugene Spafford says a recently published paper that called into question the security of RSA public-private keys has lessons for security researchers.

The paper found that the algorithms used to generate random numbers for use in encryption keys could make a secret number public. However, Spafford says that some smaller organizations apparently created their own Secure Sockets Layer public-private key sets using software to generate random numbers. The smaller organizations may have used a small set of seed values that would generate the same set of large prime numbers.

"It's important that we regularly verify our assumptions, verify that the systems we're using really work the way that they're supposed to work," Spafford says.

The researchers found that by collecting a very large number of existing public keys and doing some analysis, they were able to find common factors that were used in generating those keys. One of the problems with encryption is the whole aspect of key generation and management, and that has been the case for a very long time, Spafford notes.
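The shared-factor finding described above can be turned into an audit of an organization's own key inventory. The following is an added example, not code from the article or the paper it summarizes: the function name is hypothetical, and the toy moduli are constructed from Mersenne primes rather than taken from real keys.

```python
from math import gcd, prod

def audit_shared_factors(moduli):
    """Return {index: factor} for each modulus that shares a factor
    with at least one other modulus in the list."""
    product = prod(moduli)
    findings = {}
    for i, n in enumerate(moduli):
        # (product mod n^2) / n is the product of all *other* moduli, mod n,
        # so one gcd per key replaces a gcd against every other key.
        rest = (product % (n * n)) // n
        g = gcd(n, rest)
        if g == n:
            # Every prime of n appears elsewhere (or n is duplicated).
            # Fall back to pairwise gcds to report one concrete prime.
            for j, m in enumerate(moduli):
                h = gcd(n, m)
                if j != i and 1 < h < n:
                    g = h
                    break
        if g > 1:
            findings[i] = g
    return findings

# Constructed sample data: toy "moduli" built from known Mersenne primes.
SHARED_PRIME = 2**61 - 1
SAMPLE_MODULI = [
    SHARED_PRIME * (2**89 - 1),    # key 0: reuses SHARED_PRIME
    SHARED_PRIME * (2**107 - 1),   # key 1: reuses SHARED_PRIME
    (2**127 - 1) * (2**521 - 1),   # key 2: both primes unique
]

if __name__ == "__main__":
    for idx, factor in audit_shared_factors(SAMPLE_MODULI).items():
        print(f"key {idx} shares a factor with another key: {factor}")
```

Any key the audit flags should be regenerated from a properly seeded random source, since its second prime follows from one division.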

"We're able to develop and use algorithms that are effectively unbreakable given current technology, but unless we're able to generate truly random keys and keep them appropriately safe from prying eyes, then it doesn't matter how strong the algorithms really are," he warns.

From GovInfoSecurity.com

Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA


 
