backtop


Print 22 comment(s) - last by JPForums.. on Jun 21 at 3:52 PM

Researchers who developed standard claimed it would take "thousands of years to crack", but it took only 148 days

We're living in either a dark, dysmal time for cryptographers or a golden, glorious age for hackers depending on how you look at it.  Casual hackers are making short work of supposedly modestly-secure older hashing standards like MD5, and even supposedly-super-secure "strong" encryption techniques are falling to novel attacks.

I. Pair-Based Cryptography Continues to Fall in Security 

The latest victim in the march of progress is pairing-based cryptography, an approach that was thought to hold the key to super-secure future communications.  Japanese electronics giant Fujitsu Ltd. (TYO:6702), Kyushu University, and Japan’s National Institute of Information and Communications Technology (NICT) cracked a 278-digit (923-bit) cryptogram, easily besting the previous world record of 204 digits (676 bits).

Researchers who worked with pair-based cryptography have in the past expressed confidence that 900+ bit cryptograms would take hundreds of thousands of years to crack.  But Fujitsu, et al. achieved the feat in a mere 148.2 days -- less than half a year -- running on a 21-computer cluster with 252 cores.

Fujitsu cracking
Fujitsu has cracked an encryption that was previously estimated to take "hundreds of thousands of years" to break. [Image Source: Fujitsu]

By employing parallel programming methods and other novel techniques to the attack, the research team was able to cut the time that would have been required by a less state-of-the-art brute force attack with previous methods.

II. Cat and Mouse -- No System is Unbreakable

Fujitsu warns that the shocking success should serve as a warning to security firms that what seems like reliable standards may be crackable sooner than they think, and unsafe not too long after that.  Writes the company:

As cryptanalytic techniques and computers become more advanced, cryptanalytic speed accelerates, and conversely, cryptographic security decreases.  Therefore, it is important to evaluate how long the cryptographic technology can be securely used.

We were able to overcome this problem by making good use of various new technologies, that is, a technique optimising parameter setting that uses computer algebra, a two dimensional search algorithm extended from the linear search, and by using our efficient programing techniques to calculate a solution of an equation from a huge number of data, as well as the parallel programming technology that maximises computer power.

Cryptography today is facing a two-side assault.  On the one side are the crackers, looking to employ novel methodology to reverse advance encryption.  On the other side are the exploiters, looking to identify and leverage fundamental flaws in the implementation, flaws which sabotage the reliability of the underlying methods.

Hacker proof
Unbreakable security is a fantasy. [Office Hackery]

Some public keys encrypted by the RSA standard were recently found to have "no security at all".  The culprit, said Swiss researchers who published their findings in February, was improper generation.  Likewise in 2010 Norwegian researchers published [abstract] results indicating quantum cryptography could be cracked via attacking the photon detectors that implemented the encryption via quantum mechanical effect.  Here, the quantum cryptography itself was likely strong enought to stand up to any direct assault, but the glaring weak spot was the encoders/decoders in the system, which could be hijacked with traditional attacks.

Of course security researchers will surely scramble on to new and safer protection schemes.  But it's more clear than ever that uncrackable encryption is anything but.

Source: Fujitsu



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Incredible
By StevoLincolnite on 6/19/2012 10:35:46 PM , Rating: 2
quote:
This is one of those things that really can go on forever. There will always be some dude selling the latest "crack-proof" software, then there will always be the guy that breaks it. You're only actually buying very small window of safety. 148.2 days, in this case. Pretty cool. And scary.


For sure.
Plus with GPU compute the venerable PC gets orders of magnitudes of compute performance at relatively modest prices... Making earlier Encryption methods easier to break.

It's not unusual to see a high-end gaming PC break the 2 Teraflop mark with 1-2 GPU's which is faster than allot of Super Computers with hundreds of processors from a decade ago.


RE: Incredible
By Calin on 6/20/2012 4:49:03 AM , Rating: 3
Encryption is (as of now) based on integer calculations, not floating point ones (or totally standard floating point implementations that differs on out-of-necessary-precision digits would not be compatible).
And as the GPUs are floating point compute monsters (but integer-compute puppies), cracking encryption on GPU clusters doesn't seem too probable.
I'd say FPGA specially programmed would be a better match for cracking encryption


RE: Incredible
By RedemptionAD on 6/20/2012 11:56:02 AM , Rating: 2
With Intel's recent release of Knights Corner, the cluster used could be equipped with that rather than a GPU array, and reduce the time considerably. A larger botnet or other shared computing platform could also decrease the amount of time required to break it to hours, rather than days. It seems that true security will require a proprietary seperate piece of hardware from the current methods.


RE: Incredible
By Autisticgramma on 6/20/2012 12:18:06 PM , Rating: 2
I don't believe hardware is the answer. I'm sure the TSMC wouldn't agree, however, once its hard coded, and deployed. Its difficult to update, and maintain the tit for tat.

If its hard coded, all you have to do, is crack the device, once.

Gramma.


"If they're going to pirate somebody, we want it to be us rather than somebody else." -- Microsoft Business Group President Jeff Raikes














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki