How Encrypted Keys Can Leave Bad TasteRSA Challenges Conclusion of Number Generation Study
A first-rate encryption algorithm is much like the tools and personnel found in the kitchen of a tony restaurant. Regardless of the skills of the chef and staff and the quality of the cookware found in the kitchen, patrons won't savor a gourmet feast if unsavory ingredients are used. The same is true with public-key cryptography.
That's the gist of the argument from security maker RSA to research revealed earlier this week that suggests a flaw exists in the RSA algorithm used for public-key cryptography [see When 99.8% Security May Not Be Sufficient].
The paper, Ron was Wrong, Whit is Right, says the very large prime number needed for one of the keys that should remain secret is exposed in rare instances. That finding is disconcerting because enterprises use RSA keys to secure billions of dollars in online transactions, so even a minute exposure of the secret number could produce grave financial consequences.
RSA Chief Technologist Sam Curry doesn't dispute the researchers' findings about the 2 in 1,000 exposure of a large prime number, but disagrees with the paper's conclusion.
In a blog posted Feb. 17, Curry writes the restaurant analogy would be obvious to programmers and security experts: the research paper found a problem with security, yet it wasn't with the RSA encryption algorithm but with its "ingredients" further upstream. He writes:
"The devil in this system is in the random number generation. The ingredients here that lead to suspicious cryptographic end-products were flawed well before the computation that produced a key pair."
Curry likes the paper's examination of cryptographic approaches, despite its conclusions, because research testing is what makes security stronger and publishing those results sparks discussion and debate. He interprets the paper as showing the weakness isn't with the RSA algorithm but in proper implementation.
Curry sees the RSA algorithm as solid because it has withstood scrutiny for decades from multiple sources, and it must continue to withstand such examination, adding:
"The irony is that it must be questioned and tested to make it better, just as we must put ideas out there not just to be seen to be intelligent or to inflate our egos: we must do it to create a debate and a forum for pushing the frontiers of security forward."
Highly regarded security whiz Dan Kaminsky says that the strength of the key isn't the problem if nobody knows to demand it. In his blog, Kaminksy gives his take on the research:
"Most keys on the Internet today have no provenance that can be trusted, not even through whatever value the CA (certifying authority) system affords. Key management ... is the hard problem now for cryptography. Whether you use RSA or DSA or ECDSA, that differential risk is utterly dwarfed by our problems with key management."
Princeton University computer science Ph.D. Nadia Heninger, a National Science Foundation mathematical sciences postdoctoral fellow at the University of California at San Diego, downplayed the impact, writing in her blog:
"There's no need to panic as this problem mainly affects various kinds of embedded devices such as routers and VPN devices, not full-blown web servers. It's certainly not, as suggested in The New York Times, any reason to have diminished confidence in the security of web-based commerce."
As Curry puts it: A truly great restaurant is only as good as the weakest link in serving succulent fare to diners for it to succeed. The same, he says, can be said about cryptographic keys, which must be measured and managed as a whole. Care, Curry says, must be paid to the critical path providing a finished product to the consumer.