Public Key Encryption Hacked

This post is perhaps a bit off-topic. But given its potential connection to the possibility that millions will have their credit destroyed, perhaps not.

Background:

This may be a little bit mathy. If so, my advance apologies. Encryption has long been one of my interests.

Public-key encryption (the kind most commonly used in commerce is called RSA encryption) works by having two keys: one to encode and one to decode. Essentially, you have part of the cipher, the public key, that you give to the public at large. Then anyone can encode a message and send it to you. The neat thing is that no one can take your public key and then decrypt any of your messages. For that, they would need the private key, which you keep to yourself. This kind of encryption is at work any time you look at your browser and see that little lock in the bottom right corner. It is used in nearly all Internet transactions.

The big idea behind this kind of encryption is that factoring, or breaking a number down into its prime divisors, is difficult and time-consuming. While there are a few shortcuts, mostly the method to determine prime divisors is simply to try them one by one. Because it's so time-consuming, cracking the encryption on your web browser would take modern computers longer than the life of the universe and certainly longer than any human life.
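The two-key scheme and its dependence on factoring, as an added illustration that is not part of the original post. The primes are constructed and deliberately tiny, the function names are hypothetical, and the padding that real RSA requires is omitted.

```python
# Toy RSA. Real keys use primes hundreds of digits long; these are constructed samples.
from math import gcd

def make_keypair(p, q, e=65537):
    """Build (public, private) keys from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)

def encrypt(message, public):
    """Anyone holding the public key can do this."""
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be in [0, n)")
    return pow(message, e, n)

def decrypt(ciphertext, private):
    """Only the holder of the private exponent d can do this."""
    n, d = private
    return pow(ciphertext, d, n)

def factor_by_trial_division(n):
    """Try divisors one by one; return (p, q, divisions_tried)."""
    if n % 2 == 0:
        return 2, n // 2, 1
    tries, candidate = 1, 3
    while candidate * candidate <= n:
        tries += 1
        if n % candidate == 0:
            return candidate, n // candidate, tries
        candidate += 2
    raise ValueError("n is prime, not an RSA modulus")

def private_key_from_public(public):
    """Whoever factors n can rebuild the private key from public data alone."""
    n, e = public
    p, q, tries = factor_by_trial_division(n)
    return (n, pow(e, -1, (p - 1) * (q - 1))), tries

if __name__ == "__main__":
    for p, q in [(1009, 1013), (10007, 10009)]:  # constructed sample primes
        public, private = make_keypair(p, q)
        rebuilt, tries = private_key_from_public(public)
        print(f"n={public[0]}: key rebuilt={rebuilt == private} after {tries} divisions")
```

Making each prime ten times larger makes the search about ten times longer, which is why moduli built from primes hundreds of digits long are out of reach of this approach.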

There have always been two big potential monkey wrenches here. One is the possibility that some crazy mathematician figures out a way around the supposedly hard problem of prime factorization. (There is no theorem that it's got to stay a hard problem.) Two is that computer power surges past the computations that would be necessary to crunch the numbers in a reasonable amount of time. Something of a hybrid of the two seems to have gotten it done.

Why You Might Not Want To Send Private Information Online For The Next Year Or More:

A couple of electrical engineers working on an entirely different problem have figured out that if you vary the voltage on the machine sending or receiving the encrypted message, there will be errors. If you then examine the kind of errors that have occurred, you can figure out the private key in far less time. In this case, they were able to crack the RSA cipher in 10 days.

This should be huge news! Personally, I'd advise that you be cautious until the remedies can be implemented. The proposed remedies (that errors be purposefully included in all encrypted messages) might work. (It's still unclear if that doesn't simply create a new, much easier problem than the problem of factoring.) Until then, every rogue hacker has a blueprint of how to get into your private information over the Internet. There are a lot of people who have the skills to capitalize on this development before an effective remedy can be developed.

Tuesday, April 27th, 2010 Finance, Uncategorized
