Mar 8 2010

Theoretical Breakthrough For Quantum Cryptography

Quantum cryptography only works if Alice and Bob share their relative positions in advance. Now physicists have worked out how to do it without this information.

The world of cryptography is currently undergoing a quantum revolution. The weird laws of quantum mechanics allow cryptographers to create codes that guarantee perfect secrecy. Until recently, the best cryptographers could aim for was just pretty good secrecy with codes that were always compromised in some way or another. Quantum cryptography, on the other hand, is perfect: theoretically and practically secure.

A few companies have even sprung up to sell the gear that can send perfectly secure messages, mainly to banks and governments (although the gear itself creates some loopholes that eavesdroppers can attack).

But it’s still early days for this technology and naturally it suffers from several drawbacks. For example, one well known limitation is that quantum cryptography can only be used over point-to-point connections and not through networks where data has to be routed. That’s because the routing process destroys the quantum properties of the photons used to secure messages.

A lesser known limitation is that the sender and receiver of quantum encrypted messages–the famous Alice and Bob–must be perfectly aligned so that they can carry out well-defined polarisation measurements on the photons as they arrive. Physicists say that Alice and Bob must share the same reference frame.

That’s not so hard to do when Alice and Bob are both based in labs on the ground. But it’s much harder when one or the other is moving, in a satellite, for example, which would be both spinning and orbiting the Earth.

Today, Anthony Laing from the University of Bristol and a few pals show how to get round this. The trick is to use entangled triplets of photons, so-called qutrits, rather than entangled pairs.

This solves the problem by embedding it in an extra abstract dimension, which is independent of space. So as long as both Alice and Bob know the way in which all these abstract dimensions are related, the third provides a reference against which measurements of the other two can be made.

That allows Alice and Bob to make any measurements they need without having to agree ahead of time on a frame of reference. There is one proviso: Alice and Bob cannot move too quickly during the measurements since this changes their relative orientation and a new qutrit will be needed to establish a reference.

That’ll be useful for quantum encryption over satellite links, the kind of thing that government agencies and the military might want to do. But there’s another, more valuable application.

If quantum encryption is ever to be widely used, it’ll need to work between one microchip and another without the need to share a frame of reference in advance. That’s always been a problem because the chips inside computers are constantly on the move (relative to the wavelength of light) and because photon polarisations drift as they move through optical fibres, introducing another source of error.

That’s why quantum cryptography that is reference frame independent is an enabling technology and so potentially hugely valuable. It means that Laing and co may have made one of the key breakthroughs that will bring quantum cryptography to the masses.

Ref: arxiv.org/abs/1003.1050: Reference Frame Independent Quantum Key Distribution

Source


Mar 8 2010

New US-CERT PGP Key

US-CERT has generated a new US-CERT Publications PGP key. We use this
key to sign all publications, including documents sent to this list.
Effective immediately, this new key (key ID 0x093916B7) is available
and will be valid until Saturday, October 1, 2011. This key replaces the
current PGP key (key ID 0xBEE871AC).

To obtain further information or to download the new
US-CERT publications PGP key, please visit

or

A copy of this new key has also been included at the bottom of this
message and sent to public PGP key servers.

In accordance with good key management practices, we have also generated
a revocation certificate for the existing PGP key. The revocation
certificate for PGP key id 0xBEE871AC has also been included below and
sent to the public PGP key servers.


Source


Mar 4 2010

RSA authentication weakness discovered

The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered.

RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety of their customers’ information online.

The scientists found they could foil the security system by varying the voltage supply to the holder of the “private key,” which would be the consumer’s device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. These findings would be more likely to concern media companies and mobile device manufacturers, as well as those who use them.

Andrea Pellegrini, a doctoral student in the Department of Electrical Engineering and Computer Science, will present a paper on the research at the upcoming Design, Automation and Test in Europe (DATE) conference in Dresden on March 10.

“The RSA algorithm gives security under the assumption that as long as the private key is private, you can’t break in unless you guess it. We’ve shown that that’s not true,” said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science.

These private keys contain more than 1,000 digits of binary code. To guess a number that large would take longer than the age of the universe, Pellegrini said. Using their voltage tweaking scheme, the U-M researchers were able to extract the private key in approximately 100 hours.

They carefully manipulated the voltage with an inexpensive device built for this purpose. Varying the electric current essentially stresses out the computer and causes it to make small mistakes in its communications with other clients. These faults reveal small pieces of the private key. Once the researchers caused enough faults, they were able to reconstruct the key offline.

This type of attack doesn’t damage the device, so no tamper evidence is left.

“RSA authentication is so popular because it was thought to be so secure,” said Todd Austin, a professor in the Department of Electrical Engineering and Computer Science. “Our work redefines the level of security it offers. It lowers the safety assurance by a significant amount.”

Although this paper only discusses the problem, the professors say they’ve identified a solution. It’s a common cryptographic technique called “salting” that changes the order of the digits in a random way every time the key is requested.

“We’ve demonstrated that a fault-based attack on the RSA algorithm is possible,” Austin said. “Hopefully, this will cause manufacturers to make a few small changes to their implementation of the algorithm. RSA is a good algorithm and I think, ultimately, it will survive this type of attack.”
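The article does not show the researchers' "salting" fix. A different, widely used defence against fault attacks is to check every signature with the public key before releasing it, so a faulty result never leaves the device and each failed check becomes a tamper signal. The sketch below is an added example, not code from the paper; the toy key, the message and the `fault_at` hook that simulates one bit flip are constructed for illustration.

```python
"""Verify-before-release for RSA signing, with a simulated transient fault."""

# Constructed toy key built from two Mersenne primes; far too small for real use.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

# Constructed stand-in for a padded message digest (must be smaller than N).
MESSAGE = int.from_bytes(b"constructed digest", "big")


class FaultDetected(Exception):
    """Raised when a freshly computed signature fails its own verification."""


def modexp(base, exponent, modulus, fault_at=None):
    """Left-to-right square-and-multiply.

    fault_at is a hypothetical test hook: after that many exponent bits have
    been processed, the lowest bit of the accumulator is flipped, modelling a
    single transient hardware error such as one caused by a voltage dip.
    """
    acc = 1
    for step, bit in enumerate(bin(exponent)[2:], start=1):
        acc = (acc * acc) % modulus
        if bit == "1":
            acc = (acc * base) % modulus
        if step == fault_at:
            acc ^= 1
    return acc


def verify(message, signature):
    """Public-key check: signature^E mod N must equal the message."""
    return 0 <= signature < N and pow(signature, E, N) == message % N


def sign_unchecked(message, fault_at=None):
    """Signer that releases whatever the hardware computed."""
    return modexp(message % N, D, N, fault_at)


def sign_checked(message, fault_at=None):
    """Signer that withholds any result failing the public-key check."""
    signature = modexp(message % N, D, N, fault_at)
    if not verify(message, signature):
        raise FaultDetected("signature failed self-check; result withheld")
    return signature


def sign_with_retry(message, fault_plan=(), max_attempts=3):
    """Recompute after a failed self-check; return (signature, faults_seen).

    fault_plan lists the fault_at value for each attempt (constructed test
    input); attempts beyond the plan run without a fault.
    """
    plan = list(fault_plan)
    faults_seen = 0
    for attempt in range(max_attempts):
        fault_at = plan[attempt] if attempt < len(plan) else None
        try:
            return sign_checked(message, fault_at), faults_seen
        except FaultDetected:
            faults_seen += 1  # report this counter to monitoring
    raise FaultDetected(f"{faults_seen} consecutive faulty computations")


if __name__ == "__main__":
    print("faulty result verifies:", verify(MESSAGE, sign_unchecked(MESSAGE, 40)))
    print("retry result:", sign_with_retry(MESSAGE, fault_plan=(40, 90)))
```

The extra public-key operation is cheap next to the private-key one, and a rising `faults_seen` count is the evidence that the attack otherwise does not leave.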

Source


Mar 2 2010

RSA 2010: Experts Expect Several Ciphers to Be Cracked Soon

Cryptographers are expecting several of the major cryptographic systems in use today to be broken in the near future.

In the Cryptographers Panel session at the RSA Conference Tuesday, Adi Shamir said that he is working with a team of researchers who have put together a paper that describes an attack that will break AES 128 within 10 rounds.

“And if you go to AES 256, we can break the entire cryptosystem,” Shamir said.

Shamir, one of the inventors of the RSA algorithm, was speaking on the panel with Ron Rivest, Brian Snow of the National Security Agency, Martin Hellman of Stanford University, Whit Diffie, and Ari Juels of RSA Security. The panel, which is an annual event at the RSA Conference, usually provides some of the more interesting anecdotes of the conference, and this year’s was no exception.

In addition to the work against AES, which is the encryption standard used in many cryptosystems today, Rivest said that he expects 1024-bit RSA encryption to be broken relatively soon.

“I expect that RSA 1024 will be broken within a decade,” Rivest said. “People should start moving to 2048 soon.”

Rivest, a professor at MIT who worked with Shamir and Len Adleman to design the original RSA algorithm, also said that he still gets email and calls from people wanting to use the MD5 hash function, which he designed in 1991. MD5 was widely used, but has been shown to have several weaknesses in recent years.

“I always say to them, ‘Don’t you understand that MD5 is an extinct hash function? It’s dead,’” Rivest said.

Juels, chief scientist at RSA Labs, moderated the panel and asked all of the speakers whether they had ever done anything foolish.

“I’ve rarely done anything else,” Diffie said, which got a nice laugh from the crowd.

Hellman took the question a bit more seriously, but essentially echoed Diffie’s answer, saying that his original research with Diffie in the 1970s that led to the invention of public-key cryptography was looked at as a black hole when they started it.

“I was told by all of my colleagues that cryptography was a waste of time. The NSA had a massive budget, we didn’t know how big at the time, and they had been working on the problem for decades. We were told there’s no way we’d discover anything that they hadn’t already found, and if we did, they’d classify it,” Hellman said.

Source


Feb 24 2010

Leading on Cybersecurity: The Administration Speaks

The Obama administration gets a chance to demonstrate its cybersecurity leadership as three top guns from the executive branch – Homeland Security Secretary Janet Napolitano, White House Cybersecurity Coordinator Howard Schmidt and FBI Director Robert Mueller – address the RSA conference in San Francisco next week. It’s sorely needed.

What Napolitano and Schmidt – late additions to the roster of keynote speakers at the IT security conference – as well as Mueller say could signal the direction the White House will take to lead the nation in securing federal digital assets and America’s critical IT infrastructure. Though the White House is working hard to fine-tune its cybersecurity agenda, it’s been doing so in relative silence.

What these leaders need to demonstrate in their speeches are precise actions the administration will take in the coming weeks and months to protect America’s key IT systems. Visible leadership is required at a time when most news about protecting government and key private IT systems is terrible:

* Former Director of National Intelligence Michael McConnell, at a Senate hearing Tuesday, said the United States would lose a cyber war if one were held now.
* The Bipartisan Policy Center held a simulated cyber attack that disrupted smart phone service to 20 million customers, shut down an electronic energy trading platform and crippled the power grid along the Eastern seaboard.
* The month-old discussions about attacks from China on Google and other companies have not abated.
* Security firm Symantec issued a survey of IT managers that identified cyber attacks as the most significant risk they face: 42 percent vs. 17 percent for traditional criminal activity and brand-related events, 14 percent for natural disasters and 10 percent for terrorism.

Meanwhile, the odds of significant cybersecurity legislation reaching President Obama’s desk this year are seen as, at best, 50-50. Word circulating the Capitol is that cybersecurity legislation has stalled in the Senate partly because the White House has remained mute – at least in public – on these measures.

In Schmidt, the administration has one of the most respected cybersecurity experts whose excellent communications skills should be exploited to help drive its IT security agenda. It would be interesting to hear from him at RSA what the administration would like to see in legislation emanating from Congress.

As for Napolitano, she often spoke of cybersecurity challenges in the past year, but a press release from her office suggests her remarks will not be specific but will address the “broad mission to protect the nation’s cyber infrastructure, systems and networks, and the responsibility of all Americans in maintaining cybersecurity and resiliency.”

Let’s hope Napolitano, Schmidt and Mueller provide in their RSA speeches specific administration actions that will demonstrate a government leading on this all important matter.

Source


Feb 22 2010

PGP Key Management Server

Encryption is an essential element of any data protection plan. It applies from the employee desktop to the data center and the cloud, and all points in between. IT organizations are adding cryptographic measures to maintain consumer privacy, preserve data integrity, avoid data loss, prevent intrusions, and address compliance demands. Each new data protection technology contributes to a growing volume of keys that need to be managed, and fractures the hope of maintaining control.

PGP® Key Management Server provides organizations with the infrastructure and tools to manage large scale deployments of encryption keys and certificates. Instead of using proprietary standalone key repositories or custom single purpose tools, PGP Key Management Server delivers a better approach to managing encryption keys by starting with a design core around supporting different types of keys, trust models and applications.

* Pare down operational cost and complexity – Maintaining multiple key repositories requires extensive labor, resources, and expertise. PGP Key Management Server simplifies the environment with a consistent administrative interface.
* Reduce risk of unrecoverable data – Ensure that dependable key recovery methods are in place before the need arises.
* Prevent unexpected downtime – Unanticipated certificate expirations can bring business to a standstill. Automate certification updates and eliminate certificate accidents that lead to system outages.
* Stay in control – IT leaders need to know if their security policy matches reality. Key management helps organizations account for encryption keys throughout their environment and demonstrate proof of compliance.

PGP Key Management Server provides a versatile foundation to centralize management of encryption throughout the enterprise to help organizations take control over their encryption keys, strengthen security, and reduce operational cost.

Source


Jan 25 2010

Data breach costs top $200 per customer record

The cost of a data breach rose last year to $204 per customer record, according to the Ponemon Institute. The average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.

The cost of a data breach increased last year to $204 per compromised customer record, according to the Ponemon Institute’s annual study. The average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.

Ponemon Institute based its estimates on data from 45 companies that publicly acknowledged a breach of sensitive customer data last year and were willing to discuss it.

Breach costs increased just $2 per compromised customer record, as compared to 2008 costs. However, in the five years that Ponemon Institute has conducted its study, costs have increased from $138 per compromised customer record.

In tallying the cost of a data breach, Ponemon Institute looks at several factors including: the cost of lost business because of an incident; legal fees; disclosure expenses related to customer contact and public response; consulting help; and remediation expenses such as technology and training.

There appear to be three main causes for a data breach, says Dr. Larry Ponemon, chair and founder of the Institute, as indicated by the 45 companies that shared their stories for the “Fifth Annual U.S. Cost of Data Breach Study,” sponsored by PGP.

“As part of our analysis, we try to get at the root cause of the data breach,” Ponemon says. “There’s negligence, where people make mistakes, such as lost laptops, accounting for 40% of the data breach cases. There are system glitches, such as a third-party sending out statements they shouldn’t, which was 36%. And there are malicious and criminal attacks, at 24%.”

Ponemon adds that 2009 brought “more sophisticated criminal attacks that didn’t show up on our radar screen” the previous year. These malicious attacks often involved botnets and were carried out for reasons of financial gain.

Overall, 42% of all cases in the Ponemon data-breach study involved third-party mistakes and flubs. In addition, more than 82% of the cases in the Ponemon study were organizations that had more than one data breach in 2009 involving the loss or theft of more than 1,000 records containing personal information. At about 40% of the companies that participated in the study, the chief information security officer (CISO) was in charge of managing the response related to the data breach.

The management skills of the CISO, or an individual in an equivalent position, seemed to help hold down the cost of a data breach: The average per capita cost of an incident was $157 per record for companies with a CISO, versus $236 for companies without one.

The magnitude of the breach events, according to the study, ranged from about 5,000 to about 101,000 lost or stolen customer records. Among the incidents reported, the most expensive data breach cost nearly $31 million to resolve, and the least expensive cost $750,000.

Source


Jan 21 2010

Heartland moves to encrypted payment system

Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr.

“End-to-end encryption is a good way to mitigate the risk of having the kind of compromise that we and hundreds of other companies have had,” Carr said in an interview.

“We’re using encryption on the front end to keep card numbers out of our merchants’ systems, and to also have all the card numbers coming through our network be encrypted throughout, except at the point of decryption,” he said.

The company, which handles more than 4 billion transactions annually for more than 250,000 merchants, will be using the Thales nShield Connect hardware security module along with Voltage Security’s SecureData encryption software as the basis of this capability.

In January 2009, Heartland Payment Systems reported that it found that intruders had penetrated its systems and planted software to harvest card numbers, using SQL injection attacks to plant programs inside the network that would sniff the card numbers.

In August, the U.S. Department of Justice indicted Florida resident Albert Gonzalez for this breach, along with those of several other companies that were attacked. Gonzalez pleaded guilty last month.

The 2009 attack on Heartland actually stemmed from an earlier breach that occurred in May 2008, Carr explained. “We thought we did everything possible to clean it up,” he said. It turned out, however, some of Gonzalez’s malware went unnoticed.

On Jan. 12, 2009, Heartland was alerted to unusual activity stemming from the card numbers in the company’s system. Over the rest of that week and into the weekend, the company located the malicious software, and consulted with law enforcement and the credit card companies. Heartland announced the breach the following Tuesday, Jan. 20.

Subsequently, the company was criticized for announcing the breach during the inauguration of U.S. President Barack Obama, which dominated media coverage that day. Carr explained, however, that the announcement had to be made before the U.S. stock markets opened — the previous day was a U.S. holiday — in order to avoid the appearance of insider trading among any of the affected companies, should their stock prices be swayed by the news.

Although the DOJ reported that Gonzalez and his cohorts had gathered as many as 130 million credit card numbers, Carr would not specify how many card numbers were copied from his system alone.

“Nobody really knows the right number and we’re not privy to all the data that exists,” he said. “We believe the number is less [than media accounts], but we’re not arguing it was an insignificant breach.”

Source


Jan 8 2010

768-bit RSA cracked

Researchers have decomposed a 768-bit number with 232 decimal digits into its two prime factors and published a paper with their results. The number is the string released as “RSA-768” under the now defunct RSA Challenge. As a result, RSA encryptions with 768-bit keys must, from now on, be considered cracked.

It took the team of researchers from Switzerland, Japan, Germany, France, the US and the Netherlands about two and a half years to perform the factorisation. The first step of the calculation, polynomial selection, required half a year on a cluster consisting of 80 PCs, while the second and considerably more labour-intensive sieving step took about two years on a cluster of several hundred computers. According to the researchers, a single Opteron processor with 2 Gbytes of RAM would have needed about 1,500 years to complete the sieving step.

As RSA-512 was cracked about a decade ago, the researchers assume that the computing power required to master RSA-1024 is likely to become available in about ten years. They therefore recommend that all 1024-bit RSA keys be decommissioned by 2014 at the latest.

Source


Jan 6 2010

Cryptographic showdown, Round 2: NIST picks 14 hash algorithms

The competition to select the new Secure Hash Algorithm standard for government has moved into the second round. The National Institute of Standards and Technology has winnowed the 64 algorithms submitted down to 14 semifinalists.

Of the 64 algorithms submitted in 2008, 51 met minimum criteria for acceptance in the competition. The cryptographic community spent the next year hammering at the candidates, looking for flaws and weaknesses.

“We were pleased by the amount and quality of the cryptanalysis we received on the first round candidates, and more than a little amazed by the ingenuity of some of the attacks,” said Bill Burr, manager of NIST’s Security Technology Group, in announcing the initial narrowing of the field in July.

Submitters of algorithms that made it through the first round of competition had until September to tweak the specifications or source code, and the final list of second round contenders was recently announced. The 14 second-round candidates are called BLAKE, BLUE MIDNIGHT WISH, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein. Candidate algorithms are available online at www.nist.gov/hash-competition.

The selection of five finalists is expected by the end of this year, with adoption of the new standard, which will become SHA-3, expected in 2012.

A hashing algorithm is a cryptographic formula for generating a unique, fixed-length numerical digest — or hash — of a message. Because the contents of the message cannot be derived from the hash and because the hash is to a high degree of probability unique for each message, it can be used to securely confirm that a document has not been altered. It also can be used to effectively sign an electronic document and link the signature to the contents.

SHA-3 will augment and eventually replace those algorithms now specified in Federal Information Processing Standard 180-2. The standard now includes SHA-1 as well as SHA-224, SHA-256, SHA-384 and SHA-512, collectively known as SHA-2. The standards undergo regular reviews, and the decision was made to open a competition for SHA-3 in 2007 after weaknesses had been discovered in the currently approved algorithms.

Source