Japanese Researchers Crack Supposedly Hack-Proof Cryptography
June 19, 2012 3:54 PM
comment(s) - last by
Researchers who developed standard claimed it would take "thousands of years to crack", but it took only 148 days
We're living in either a dark, dysmal time for cryptographers or a golden,
glorious age for hackers
depending on how you look at it. Casual hackers are making short work of supposedly
modestly-secure older hashing
, and even supposedly-super-secure "strong" encryption techniques are falling to novel attacks.
I. Pair-Based Cryptography Continues to Fall in Security
The latest victim in the march of progress is pairing-based cryptography, an approach that was thought to hold the key to super-secure future communications. Japanese electronics giant Fujitsu Ltd. (
, and Japan’s
National Institute of Information and Communications Technology
a 278-digit (923-bit) cryptogram, easily besting the previous world record of 204 digits (676 bits).
Researchers who worked with pair-based cryptography have in the past expressed confidence that 900+ bit cryptograms would take hundreds of thousands of years to crack. But Fujitsu,
. achieved the feat in a mere 148.2 days -- less than half a year -- running on a 21-computer cluster with 252 cores.
Fujitsu has cracked an encryption that was previously estimated to take "hundreds of thousands of years" to break. [Image Source: Fujitsu]
By employing parallel programming methods and other novel techniques to the attack, the research team was able to cut the time that would have been required by a less state-of-the-art brute force attack with previous methods.
II. Cat and Mouse -- No System is Unbreakable
Fujitsu warns that the shocking success should serve as a warning to security firms that what seems like reliable standards may be crackable sooner than they think, and unsafe not too long after that. Writes the company:
As cryptanalytic techniques and computers become more advanced, cryptanalytic speed accelerates, and conversely, cryptographic security decreases. Therefore, it is important to evaluate how long the cryptographic technology can be securely used.
We were able to overcome this problem by making good use of various new technologies, that is, a technique optimising parameter setting that uses computer algebra, a two dimensional search algorithm extended from the linear search, and by using our efficient programing techniques to calculate a solution of an equation from a huge number of data, as well as the parallel programming technology that maximises computer power.
Cryptography today is facing a two-side assault. On the one side are the crackers, looking to employ novel methodology to reverse advance encryption. On the other side are the exploiters, looking to identify and leverage fundamental
flaws in the implementation
, flaws which sabotage the reliability of the underlying methods.
Unbreakable security is a fantasy. [Office Hackery]
Some public keys encrypted by
the RSA standard
were recently found to have "no security at all". The culprit, said Swiss researchers who published their findings in February, was improper generation. Likewise in 2010 Norwegian researchers
[abstract] results indicating
could be cracked via attacking the photon detectors that implemented the encryption via quantum mechanical effect. Here, the quantum cryptography itself was likely strong enought to stand up to any direct assault, but the glaring weak spot was the encoders/decoders in the system, which could be hijacked with traditional attacks.
Of course security researchers will surely scramble on to new and safer protection schemes. But it's more clear than ever that uncrackable encryption is anything but.
This article is over a month old, voting and posting comments is disabled
Careful making claims that no system is unbreakable
6/20/2012 10:52:57 AM
It cannot be broken if it is not even known. Millions of photos could be uploaded to facebook, each one with slightly altered data, altered according to an algorithm to encode any message anyone wants. And unless you have the original, unmodified image file, you simply have absolutely no way of knowing whether or not an image contained a message, much less be able to break it. Encryption methods like this simply can not be broken, mainly because you have no way of knowing if someone uploaded a doctored image, due to the fact that there is so much random noise in a high res photo. "Certain entities" are literally light years ahead of the mainstream when it comes to modern cryptography. If someone wants to communicate on the internet today and not be spied upon, rest assured they can do it.
RE: Careful making claims that no system is unbreakable
6/21/2012 3:52:18 PM
OK, I'll bite. If you want to detect the presence of hidden data in a picture, it is possible. A simple method (and thus only applicable to simple cases) would be to run a noise removal algorithm of you choice on the photo and store it as photo'. Then run a difference between photo' and photo and store the result as noisemap. Run FFTs on noisemap. Then you can compare its frequency response White Gaussian Noise. You'll find that the response is less uniform across frequencies than noise if there is a hidden message.
Keep in mind this is a simple example that makes assumptions as to the type of noise you would expect to see as well as simplifying the process of obtaining the noisemap. Also specialized wavelets may work better for obtaining the frequency response than FFTs. That said, the frequency responses of many sources of noise are known entities and there are multiple methods that can be used to obtain a noisemap.
Once a picture is known to have a hidden message we are basically back to standard cryptanalysis where the picture could be considered the salt. Just like with standard algorithms, the more messages encrypted with the same key (especially if they also use the same salt), the more information that is available to try to crack it.
Impossible? Also No.
"If you look at the last five years, if you look at what major innovations have occurred in computing technology, every single one of them came from AMD. Not a single innovation came from Intel." -- AMD CEO Hector Ruiz in 2007
Secure Wi-Fi? Not so Much -- Gaping Hole Found in WPS Pin System
December 29, 2011, 12:42 PM
Inside the Mega-Hack of Bitcoin: the Full Story
June 19, 2011, 6:40 PM
RSA Offers New SecurIDs in the Wake of Lockheed Martin Cyberattack
June 7, 2011, 6:36 PM
MD5 Is Officially Insecure: Hackers Break SSL Certificates, Impersonate CA
January 4, 2009, 5:04 PM
Researchers Crack WPA, No Brute Force Needed
November 7, 2008, 8:50 AM
Report: New UK Broadband Users Give Porn Filters the Shaft
July 23, 2014, 11:49 AM
Comcast Memo: Harassing Customers During Retention Calls Actually IS Our Policy
July 22, 2014, 5:19 PM
Aereo Now Claims It's a Cable Company, Reveals it Has Very Few Customers
July 22, 2014, 4:20 PM
Edward Snowden Presents Tech to Stop Government Spying
July 21, 2014, 12:00 PM
Verizon FiOS Network Upgrade Brings Symmetrical Upload/Download Speeds
July 21, 2014, 8:33 AM
Amazon Launches First Fire Phone TV Spot, Spends 30 Seconds Promoting Prime
July 18, 2014, 11:17 AM
Most Popular Articles
Microsoft Kills Entertainment Unit, May Shelve Flagship Lumia "McLaren"
July 18, 2014, 7:40 PM
JJ Abrams Unveils X-Wing Starfighter for New "Star Wars" Movie
July 21, 2014, 12:24 PM
Boeing 777 Malaysian Airlines Flight 17 Crashes in Ukraine
July 17, 2014, 1:00 PM
Toyota Scientist: Autonomous Vehicles May Lead to Increased Fuel Consumption, Pollution
July 18, 2014, 2:42 PM
Motorola Moto G Successor Reportedly Uncovered, Moto X Discounted by up to $75
July 21, 2014, 1:11 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information