SAN FRANCISCO– It’s been an interesting year in the cryptography world, with new attacks on several algorithms, continued problems with hash functions and the recent research on weak RSA keys. With all of that as a backdrop, some of the brightest minds in the field, gathered here for the RSA Conference, said that there are some worrying cracks showing in the cryptosystems that secure electronic communications.
Speaking on the annual cryptographers panel on Tuesday, Whit Diffie, Ron Rivest and Adi Shamir all discussed the many problems that are facing users and implementers of cryptosystems, and said that the issues are real, varied and difficult to address. The research published earlier this month that showed there are a small but significant number of RSA public keys that are either repeated or weak due to bad random number generators highlighted one problem, but there are others, the experts said.
To help address the problem of weak keys, though, Diffie suggested a possible solution: publishing a hash of every public key as it’s generated.
“What we want is to out these bad random number generators, so why don’t we just publish hash code for all of the primes selected to go into these keys? And anytime you generate one, you check the database and if you see it’s in the database, you know two things: you probably have the same random number generator and the key is no good,” said Diffie, one of the discoverers of public-key cryptography.
As problematic as generating strong public keys can be, Rivest, a professor at MIT and one of the inventors of the RSA algorithm, said that keeping the corresponding secret keys secret can be just as hard. The assumption that secret keys could be kept private is one of the underlying principles of public-key cryptography, and if it can’t be done properly, then the cryptosystems that rely on it can fail.
“The assumption that people can keep their secrety keys safe is one of those assumptions that I think we need to go back and examine more carefully,” Rivest said. “In fact, it’s been shown to be a bad assumption in many ways. We can’t keep keys safe.”
Rivest suggested that instead of focusing all of our energy on new and different ways to keep those keys safe, researchers also should be looking for ways to recover when those keys are stolen.
“We need to bite the bullet and say, what happens when our keys get stolen,” he said.
Shamir, another inventor of the RSA algorithm, agreed that the time may be coming for some changes in the world of cryptography.
“Our very best cryptosystems, after all this time, are starting to show some wear and tear,” he said.
That mindest that assumes an attack is coming and that it will succeed at some point is one that has taken hold in many corners of the security world, but not everywhere. Some of the security world tends to focus on each incident as a singular event rather than seeing a broader picture of attacks and trying to determine what to do after an attack succeeds. The panelists said that can be a dangerous way to think.
“When you’re in security, you move from one failure to the next,” Diffie said. “When you’re on offense, your supporters are thrilled with the results however you get in and you move from one success to another.”