A group of American and European mathematicians and cryptographers have uncovered a significant flaw in the encryption method currently used by banks, online shopping sites and e-mail services to protect sensitive data.
As first reported in The New York Times by technology columnist John Markoff, this week the researchers discovered a flaw in the random key generator for public key infrastructure, the standard for encrypting data that is sent over the Internet.
“A tacit and crucial assumption underlying the security of the public key infrastructure is that during key setup previous random choices are not repeated,” noted the researchers in their paper, titled “Ron was wrong, Whit was right.” The title refers to two early public key encryption pioneers, Ron Rivest and Whitfield Diffie.
The researchers discovered that numbers thought to be randomly generated were, in fact, repeated multiple times. Of the 4.7 million discrete 1024-bit samples the group collected, 12,500 had a single prime factor in common.
They characterized their findings as “worrisome.”
If worrisome is the right word, then I'm hard-pressed to label what the researchers found when they looked deeper into the sampling: Out of 7.1 million additional samples, about 27,000 were vulnerable to discovery by cybercriminals. Even 2048-bit RSA moduli were vulnerable to attack, the researchers determined.
They concluded that “when exploited, it could affect the expectation of security that the public key infrastructure is intended to achieve.”
The researchers said their goal from the outset was to examine the commonly held assumption by the cryptographic community that each time random keys are generated different choices are made. In the vast majority of cases when generating public keys this seemed to be the case; however, they also uncovered “a more disconcerting finding ... that two out of every one thousand RSA moduli that we collected offer no security.”
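Why a shared prime factor leaves a modulus with "no security": a greatest-common-divisor computation against the other moduli returns that prime without any factoring effort. The following is an added example, not code from this article or from the researchers' paper, showing one way a defender could audit their own key inventory for this condition with a product and remainder tree; the function names and the toy inventory are assumptions constructed for illustration.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of pairwise products; the last level is [product of all values]."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree

def shared_factors(moduli):
    """Return gcd(n_i, product of all the other moduli) for every n_i.

    1 means n_i shares no factor with any other modulus in the set. A larger
    value is a shared prime, or n_i itself when the whole modulus is repeated
    or both of its primes also occur in other keys.
    """
    tree = product_tree(moduli)
    remainders = tree.pop()  # [P], where P is the product of every modulus
    while tree:
        level = tree.pop()
        # Push P down one level: child i keeps its parent's remainder mod n^2.
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    # At the leaves r = P mod n_i^2, so r // n_i == (P / n_i) mod n_i.
    return [gcd(r // n, n) for r, n in zip(remainders, moduli)]

def audit(inventory):
    """Labels of keys whose modulus shares a factor and must be replaced."""
    labels = list(inventory)
    factors = shared_factors([inventory[label] for label in labels])
    return sorted(label for label, g in zip(labels, factors) if g != 1)

# Constructed toy inventory built from Mersenne primes (real RSA primes are
# 512 bits or more). "web" and "mail" were deliberately given the same prime.
M = {e: 2**e - 1 for e in (7, 13, 17, 19, 31, 61, 89, 107, 127)}
INVENTORY = {
    "web": M[61] * M[89],
    "mail": M[89] * M[107],
    "vpn": M[127] * M[31],
    "backup": M[19] * M[17],
    "router": M[13] * M[7],
}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Any key the audit flags should be regenerated on a system with a properly seeded random number generator and its certificate reissued.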
It is still highly unlikely that anyone could gain access to public key numbers that are supposedly, but as we now learn not always, randomly generated and use them to read data in plain text. However, news of the flaws in the encryption technology that generates security certificates could easily undermine public confidence in transacting business online.
In their conclusion, the researchers noted that research protocol would have called upon them not to reveal any weaknesses in the encryption technology until all concerned parties were notified and a fix was in place.
“The quagmire of vulnerabilities that we waded into, makes it infeasible to properly inform everyone involved, though we made a best effort to inform the larger parties and contacted all email addresses or specified in valid affected certificates. The fact that most certificates do not contain adequate contact information limited our options. Our decision to make our findings public, despite our inability to directly notify everyone involved, was a judgment call.”
Good judgment, I would say.