back to article Crypto boffins: RSA tokens can be cracked in 13 MINUTES

Crypto boffins have developed an attack that's capable of extracting the protected information from hardened security devices such as RSA's SecurID 800. The research (PDF), developed by a group of computer scientists who call themselves Team Prosecco – due to be presented at the CRYPTO 2012 conference in August – is a …

COMMENTS

This topic is closed for new posts.
  1. dotdavid
    Facepalm

    "RSA downplayed the practical significance of the attack"

    Which would mean more if they didn't 'downplay the practical significance' of every attack, including the last one which turned out to be practically significant after all.

    1. Anonymous Coward
      Anonymous Coward

      Yes, but...

      I agree, but they are in a situation where lots of people review their own work along the lines of "This is it, we've totally blown open all of RSA's encryption system, this is a total game changer." when in actual fact the work can be more accurately described as "here is a very interesting attack, which may well warrant further investigation and shouldn't be discounted off-hand."

  2. umacf24
    Meh

    Only if it plugs into USB

    As far as I can see, this only applies to the smartcard which is packaged alongside the SecureID function in some tokens. Basically, if your SecureID token hasn't got a USB plug, it's not a smartcard and this doesn't apply. If it is a smartcard, it still doesn't apply to the SecureID function. I struggled with the paper, but I think the attack needs the PIN too -- and if you have the PIN and the token, you're in anyway.

    So this may be a little overblown.

    1. Anonymous Coward
      Anonymous Coward

      Re: Only if it plugs into USB

      Most pins are set to 1234 because users don't want another thing to remember.

      1. theblackhand
        Devil

        Re: Most pins are set to 1234 because users don't want another thing to remember.

        I'm not sure you can blame RSA for the quality of the users, although I suspect the real cause is IT indifference to security if the PIN's are set to 1234....

        Like many security products, just having it "working" doesn't make you or your organisation secure....

      2. Anonymous Coward
        Anonymous Coward

        Re: Only if it plugs into USB

        No they're not, you can prevent users from setting PINs to 1234.

        1. Anonymous Coward
          Anonymous Coward

          Re: Only if it plugs into USB

          "I'm not sure you can blame RSA for the quality of the users,..."

          I'm not blaming RSA on that one. I'm referring to the post I replied to that said you need the pin number too. which in many cases is trivial to guess.

          The number of users I set up who decided to use 1234 is quite high, as they thought the encrypted keyfob thingie was enough.

          "No they're not, you can prevent users from setting PINs to 1234."

          Our IT overlords have not done so. One of the many things I'd change if we weren't owned by a company so big it takes them a week to even look at an urgent problem.

          1. BS

            Re: Only if it plugs into USB

            > > No they're not, you can prevent users from setting PINs to 1234.

            >

            > Our IT overlords have not done so. One of the many things I'd change

            > if we weren't owned by a company so big it takes them a week to even

            > look at an urgent problem.

            0000, 1111, 2222, 3333, ...

            0123, 1234, 2345, 3456, ...

            ...

            are quite bad too... But if you eliminate all the bad passwords you'll lose entropy

  3. The Man Who Fell To Earth Silver badge
    Boffin

    All I know is...

    All I know is the best way to keep my secrets is to (1) only write them down on paper, (2) burn the paper, (3) scatter the ashes, and (4) then shoot myself in the head. The step order is crucial.

    1. Phil O'Sophical Silver badge
      Coat

      The step order is crucial.

      Not really. You could start with Step 4 and get the same result.

      1. Ramazan

        Re: and get the same result

        while also saving some paper, oxygen and cold.

  4. Stoneshop
    Headmaster

    RSA tokens can be cracked in 13 MINUTES

    What takes them so long? One good whack with your average hammer, a brick, or even holding it between a door and its frame while slamming it shut wil crack those tokens in a fraction of a second.

    1. The Unexpected Bill
      Happy

      @Stoneshop

      These token things are tougher than you might think. I came to have an "obsolete" token and decided to see what it would take to break the thing. A bored mind is a dangerous thing.

      The short answer: quite a lot!

      Don't try any of this at home, nor anywhere else.

      I threw it at walls, jumped on it, stomped on it, ran over it with a truck, attempted to stuff it into a paper shredder, chucked it down a two story staircase repeatedly and watered it. It was still in one piece up until I chucked it down the staircase. Then the casing started to break, but the electronics still worked.

      Around that time, I decided to pull the coin cell battery from it, and saved that for another project (probably re-enlivening a computer clock module or something) since it still seemed to be good.

      The end finally came when I threw it in the microwave oven for a few seconds...not once, but twice. Nothing happened the first time around, and the thing still worked when I put the battery back in. The second time produced a very nice flash and bang, which was the end of the line.

      Maybe you didn't ask. Now you know.

      1. Stoneshop

        Not very surprising

        Plastics, with some exceptions, tend to be tough relative to their weight. And when a widget is built to withstand abuse, you can bet that a drop, or even throwing it down on a hard surface, won't hurt it much.

        I'll get back to you.

      2. J. Cook Silver badge

        @The Unexpected Bill - Re: @Stoneshop

        I'll see if we have any expired tokens left from the last batch that we have and see if the chip blobs in the tokens are x-ray shielded. I know they are encased in epoxy and bugger-all tough to dismantle.

  5. Bill Neal
    Joke

    Name

    Oh that Joe-Kai Tsay...

  6. Skrrp
    Thumb Up

    This isn't really a real-world threat yet

    Firstly, oblig: http://xkcd.com/538/

    All these things are well and good but take a long time to mature into in-the-wild attacks. Speaking in a professional capacity* we saw the breaking of the Mifare encryption many years ago but we are still yet to see any serious determined effort in the wild to exploit the knowledge.

    We are still selling standard Mifare cards to customers who are quite happy and don't report problems with attacks many years after the cracking method became public knowledge.

    These breaking of methods seem to be good for theory in that when a standard is broken it forces manufacturers to up their game and come up with the next more secure solution but outside government level spook games this stuff doesn't seem to have a real world impact.

    *Full disclosure: I work in the plastic card security business, not the encryption business. I understand the article but not the encryption engineering behind it.

  7. Anonymous Coward
    Anonymous Coward

    May be a dumb question but

    Why don't people use 10,000 bit keys?

    If the size of the crackable key is always just out of reach, why not start using keys that are a hundred or a thousand times longer, instead of just a tiny bit longer that'll get cracked in a years time? Copy and paste a block of text or something. make it longer than the life of the universe to uncrack.

    1. Archimedes_Circle
      Boffin

      Re: May be a dumb question but

      The amount of security you gain by increasing the key size decreases rather quickly, especially when performance is factored in. Or at least that's the traditional model/assumption. There was an interesting thread on the openGPG mailing list last month, subject ="Some people say longer keys are silly. I think they should be supported by gpg."

      The OP was a nut, but it did result in some useful chatter. The main issue though is that under powered(mobile) hardware can't handle huge keysizes without creating an equally huge latency. That said, I run 4096 RSA keys on my phone without an depreciable lag, but many of the older OpenGPG members disagree.

      However, NSA current guidelines establish that once you go beyond 4096 bit security (actually I think it's 3072 bit) a better option is to switch to Elliptic Curve Crypto. That is far more efficient in terms of size. Normally security is scaled in X bits of symmetric cipher, and ECC 512 bit is = to 256 bit security; ECC-256 is 128 bit security. On the other hand, RSA 4096 is somewhat like 142 bits. Doubling that to RSA 8192 only ups the security to 194 bits. That's a huge increase in keysize (overhead) for very little security. So it's half that nobody will ever need more than 64 kb of ram, and the rest is that you cannot predict a break in a cipher system that means your security is not worthwhile, and the lag you introduced may present timing attacks, and useless overhead.

      Something like TWIRL cuts off 11 bits of security off of anything involving number factoring, and obviously quantum computers would shred through any RSA cipher.

  8. BS
    Mushroom

    @Skrrp, "We are still selling standard Mifare cards to customers who are quite happy and don't report problems with attacks many years after the cracking method became public knowledge."

    Your customers aren't reporting problems because they don't know they are being attacked! People ride for free on the London Underground due to the vulnerabilities in Oyster cards. Do your customers know that you are selling them obsolete kit? Are you advising them of the risks? You really should be!

    @Anonymous Coward, "Why don't people use 10,000 bit keys?"

    Because the computation would be rather slow...

    1. DapaBlue

      There was a quirk in the travelcard paper tickets in the mid 90s that meant that you could aquire a magnetic stripe number that would open all barriers on the system and never expired - there was a TV prog investigation in to it at the time.

  9. Anonymous Coward
    Anonymous Coward

    It's all rather moot

    ...as most of the data needed to crack this RSA Crypto was hacked out of the company last year. So, unless RSA have replaced all the customer cards & tokens they had in the field at the time - someone very clever notionally has access already :0)

This topic is closed for new posts.