SafeNet

Home » The Art of Data Protection » 3 Reasons Why Encryption “Flaw” Isn’t as Bad as it Sounds

You may have heard of the new study titled “Ron Was Wrong, Whit Is Right,” a reference to Ron Rivest (RSA algorithm) and Whitfield Diffie (Diffie-Hellman), basically surmising that crypto keys based on Diffie-Hellman are more secure than keys based on the RSA algorithm. Their data indicates one more reason why commonly used implementations of SSL encryption may be prone to failure, and should perhaps not be trusted at all. After Wednesday’s New York Times article, Flaw Found in an Online Encryption Method, we’ve received questions about what this means. Let me answer some of those questions here.

What is the “flaw”?

In a study done by a bunch of European and American crypto experts on secured web traffic, they found that 99.8% of connections were great. But, less than 0.2% of public keys have enough commonalities in their structure that the keys have a collision – the keys are either identical or partially not unique, making them easy to break.  The result being that one user may be sharing access credentials with another and not even know!  Beyond that, if attackers are looking for clusters of public keys that share part of their key values, breaking one key would allow access to the services and data protected by all the other “common” keys.  So, mathematically, there is a 0.2% chance that while you’re checking your bank account online, someone else’s keys could share enough cryptographic commonalities that they can decrypt your data.  Encrypted S/MIME and PGP email communications could potentially have the same problems.

What’s causing this “flaw”?

Cryptographic keys are based on random number generators, so the idea is that each key will have enough random digits assigned that it’s impossible to predict. When cryptographic key providers don’t follow good practices in their design for the random number generators, there isn’t enough randomization and you end up with similar digits in multiple keys.

The real problem is that there is no independent certification, like FIPS, for example, for how to implement cryptographic technology. So even if you don’t implement the technology correctly, you can still sell your product and no one knows it’s not as secure as it should be.

Setting the Record Straight – Three Reasons it’s not the End of the World

1) Much Ado About Nothing. The data showed that 99.8% of the connections were fine. This means that the vast majority of public key cryptography is sound. The majority of sites, hardware and software we use every day are secure – they present no problems. Yes, the probability of a collision of keys in surprisingly higher than I would expect, but still less than one percent. Finding those collision points would take a significant effort. Even advanced hackers would have a hard time doing anything to attack this vulnerability. They would have to know which systems are vulnerable – which would take a lot of time and research. And they would need to know which cert have a problem – which is even more complex. Exploiting this “flaw” would take lots of resources and an advanced grasp of cryptographic technologies.

2) I Blame Outdated Software. The study specifically pits the RSA algorithm against Diffie-Hellman and states that RSA is outdated and inherently less secure than Diffie-Hellman. This is an incorrect conclusion. Yes, the researchers saw higher levels of collision in RSA keys, but correlation is not causation. The real problem is that most systems written with these algorithms for SSL are old and early encryption software wasn’t designed by the best guys. They were “playing crypto on TV.” There was no peer review process like we have today, so they just went ahead and published and sold their encryption software, without knowing if it was truly “secure”. Sadly, some of their software is still being used today. If you look at the fact that less than 0.2% of keys that are failing, it makes sense that these are being generated by old systems that would never pass today’s standards for certification or peer review.

We’re headed in a direction where this flaw will become irrelevant. Today’s encryption hardware and software is subject to review, vetting and certification, so if the technology is implemented incorrectly the product will not make it on the market – a failure will be highly visible.

3) Reducing Collisions. The report should serve as a notice that some of the fundamental assumptions underpinning the security properties of the Internet are not valid.  What we thought we knew about the security of the Internet , we can no longer be certain of if the situation continues as it is.  Unless developers begin to take key-pair generation seriously in their products and systems, the problems will only continue to grow in scope and magnitude.

If you generate keys – a certificate authority, run a web site that has secured elements, or distribute browsers – make sure you use equipment that is outside of your system and has been peer-reviewed, vetted and certified, like a hardware security module (HSM). You need equipment capable of generating keys that are appropriate to protect the identity of the system and user, as well as the information being exchanged. HSMs not only protect your keys, but also generate key pairs that have appropriate randomization to prevent collisions, so you can trust that the keys data are secure.

If you remember nothing else from this post, remember this: it is not the end of the world. As outdated technology is replaced with current peer-reviewed systems, the flaw will be irrelevant. The vast majority of people will never be affected by it.

Some more articles on the topic:

Hacker News

ComputerWorld’s IT Blog Watch – RSA crypto: ‘flawed’, ‘risky’, ‘quagmire of vulnerabilities’

Dan Kaminski’s Blog – Survey is good. Thesis is strange.

Read Write Web – Researchers Allege Defect in RSA Public Keys, Findings Questioned

About the author:

Russell Dietz joined SafeNet in February 2009 as Corporate Vice President and Chief Technology Officer (CTO). In this role, Mr. Dietz, leads the strategic positioning and migration of new technologies into SafeNet’s highly successful solutions portfolio.

Back to The Art of Data Protection blog homepage.

This entry was posted in Crypto and tagged , , , , , , , , , by Russ Dietz. Bookmark the permalink.

Recent Tweets