Japanese Researchers Crack Supposedly Hack-Proof Cryptography
June 19, 2012 3:54 PM
comment(s) - last by
Researchers who developed standard claimed it would take "thousands of years to crack", but it took only 148 days
We're living in either a dark, dysmal time for cryptographers or a golden,
glorious age for hackers
depending on how you look at it. Casual hackers are making short work of supposedly
modestly-secure older hashing
, and even supposedly-super-secure "strong" encryption techniques are falling to novel attacks.
I. Pair-Based Cryptography Continues to Fall in Security
The latest victim in the march of progress is pairing-based cryptography, an approach that was thought to hold the key to super-secure future communications. Japanese electronics giant Fujitsu Ltd. (
, and Japan’s
National Institute of Information and Communications Technology
a 278-digit (923-bit) cryptogram, easily besting the previous world record of 204 digits (676 bits).
Researchers who worked with pair-based cryptography have in the past expressed confidence that 900+ bit cryptograms would take hundreds of thousands of years to crack. But Fujitsu,
. achieved the feat in a mere 148.2 days -- less than half a year -- running on a 21-computer cluster with 252 cores.
Fujitsu has cracked an encryption that was previously estimated to take "hundreds of thousands of years" to break. [Image Source: Fujitsu]
By employing parallel programming methods and other novel techniques to the attack, the research team was able to cut the time that would have been required by a less state-of-the-art brute force attack with previous methods.
II. Cat and Mouse -- No System is Unbreakable
Fujitsu warns that the shocking success should serve as a warning to security firms that what seems like reliable standards may be crackable sooner than they think, and unsafe not too long after that. Writes the company:
As cryptanalytic techniques and computers become more advanced, cryptanalytic speed accelerates, and conversely, cryptographic security decreases. Therefore, it is important to evaluate how long the cryptographic technology can be securely used.
We were able to overcome this problem by making good use of various new technologies, that is, a technique optimising parameter setting that uses computer algebra, a two dimensional search algorithm extended from the linear search, and by using our efficient programing techniques to calculate a solution of an equation from a huge number of data, as well as the parallel programming technology that maximises computer power.
Cryptography today is facing a two-side assault. On the one side are the crackers, looking to employ novel methodology to reverse advance encryption. On the other side are the exploiters, looking to identify and leverage fundamental
flaws in the implementation
, flaws which sabotage the reliability of the underlying methods.
Unbreakable security is a fantasy. [Office Hackery]
Some public keys encrypted by
the RSA standard
were recently found to have "no security at all". The culprit, said Swiss researchers who published their findings in February, was improper generation. Likewise in 2010 Norwegian researchers
[abstract] results indicating
could be cracked via attacking the photon detectors that implemented the encryption via quantum mechanical effect. Here, the quantum cryptography itself was likely strong enought to stand up to any direct assault, but the glaring weak spot was the encoders/decoders in the system, which could be hijacked with traditional attacks.
Of course security researchers will surely scramble on to new and safer protection schemes. But it's more clear than ever that uncrackable encryption is anything but.
This article is over a month old, voting and posting comments is disabled
6/19/2012 7:51:49 PM
So... It took them only 3 years to go from cracking 676 bit encryption to cracking 923. At this rate, they should be able to break 1024 in a similar amount of time within a year or two.
6/19/2012 9:26:02 PM
Well, not really...
Imagine that in 1 years 1024 bits can be cracked in 6 months with that computer...
1 - Any document you "legally" sign, after those 6 months of having the keys being used are actually worthless - anything can be signed with your both public keys now!
2 - That computer seemed like a week one, for anyone wanting to go in strength to get potentially zillions of dollars (as being able to sign documents for other people is worth that), so put a really good supercomputer and it would maybe be done in 1 week or even 1 day... and now 1024 bits is unusable.
In security, you must adequate what is being secured to the security employed, so...
1024b can only be used for stuff that u don't mind as having as public, like having a normal wooden door at your house.
2048b can be used safely for a few years (to be confirmed every year with new methods like this one), like installing a great safe at home or even at a bank (the probability of being taken is low)
4096b can be used safely for several/lots of years (to be confirmed every few years), like having something at the safe where money gets printed (security measures are really huge)
So don't trust public key crypto with 1024b for anything you really can't have it made public!
Same thing for symmetric-key algorithms (AES, ...) 128b maybe considered fine, but if you really want it safe, use 256b... that way when 128b gets cracked you'll hear about it and have time to move to 512b :)
"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs
Secure Wi-Fi? Not so Much -- Gaping Hole Found in WPS Pin System
December 29, 2011, 12:42 PM
Inside the Mega-Hack of Bitcoin: the Full Story
June 19, 2011, 6:40 PM
RSA Offers New SecurIDs in the Wake of Lockheed Martin Cyberattack
June 7, 2011, 6:36 PM
MD5 Is Officially Insecure: Hackers Break SSL Certificates, Impersonate CA
January 4, 2009, 5:04 PM
Researchers Crack WPA, No Brute Force Needed
November 7, 2008, 8:50 AM
Netflix Announces 7-to-1 Stock Split, Eyes Explosive Overseas Growth
June 23, 2015, 8:18 PM
Sources: Hack on Fed. Database Lost 4.1M Social Security Numbers, Personal Info
June 11, 2015, 9:11 PM
The Big One: Chinese Hackers Steal Records of 4 Million U.S. Gov. Employees
June 4, 2015, 8:13 PM
Tutorial: Here's How to Force YouTube or Vimeo VIdeos to Embed as HTML5
June 3, 2015, 10:14 PM
Google Finally Fixes Maps Bug That Was Giving Racist, Profane Results
May 21, 2015, 1:43 PM
The Pirate Bay Loses Its Iconic Swedish Dot SE Domains
May 20, 2015, 6:31 PM
Most Popular Articles
Windows XP, Vista Users Can Get Free Windows 10 Upgrade Thanks to Loophole
June 23, 2015, 2:23 PM
SanDisk's 200GB microSDXC Card Turns Smartphones Into Enviable PMPs
June 26, 2015, 2:02 PM
U.S. Navy Spends $9M USD to Cling to Windows XP, Office 2003
June 24, 2015, 2:03 PM
Under the Hood: Digging Into Sony's New CUH-1200 PS4, 1 TB Ultimate Player Ed.
June 23, 2015, 10:33 AM
Xbox Outsold 108-to-1 By PS4 in Japan, Weekly Sales Fall to 100 Units
June 22, 2015, 1:54 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information