Scientists crack RSA SecurID 800 tokens, steal cryptographic keys

Discussion in 'privacy technology' started by ronjor, Jun 25, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    http://arstechnica.com/security/2012/06/securid-crypto-attack-steals-keys/
     
  2. ronjor

    ronjor Global Moderator

    http://blogs.rsa.com/curry/dont-believe-everything-you-read-your-rsa-securid-token-is-not-cracked/
     
  3. chronomatic

    chronomatic Registered Member

    The problem with the general tech media is they don't understand cryptography (at all) and thus exaggerate claims of cracking algorithms and protocols. As the RSA blog explained, this attack only works if the attacker has control of your smartcard and the PIN. As they pointed out, if they have that, it's game over anyway. It's nothing but a theoretical exercise to explore weaknesses with PKCS v1.5.

    It's the same story with the recent news of Fujitsu "cracking" pairing-based crypto schemes. As was pointed out by Professor Dan Boneh at Stanford (one of the foremost experts in pairing-based cryptography), the Fujitsu crack exploits a vulnerability that researchers have known about since 1994. His quote:

    Moreover, the Fujitsu result only works in a certain finite field group GF(3^582), which most schemes do not use anyway.

    This is why I always wait to read the analysis of experts before I start panicking about new cryptanalysis results (Schneier is usually a good source, but he didn't even cover either of these stories on his blog, which goes to show the relative unimportance of them).
     