UPDATE: RSA Responds to Flaw Finding

The problem is not in the algorithm; it's in the implementation


RSA, the company, has responded to a report released on Valentines Day claiming a big problem with RSA, the encryption algorithm. Researchers claimed to have found a much larger than expected number of duplicate encryption keys in a large trove of them, indicating that an awful lot of stuff is not secure.

RSA's short answer is a little like the difference between RSA the company and RSA the encryption algorithm. RSA, the encryption algorithm, is quite sound, thank-you-very-much. The implementation of that algorithm, on the other hand, leaves something to be desired.

In an email, RSA (the company again; algorithms aren't very good at writing long emails) blames "the exploding number of embedded devices that are connected to the internet today" in which the algorithm is poorly implemented. In particular, the company homes in on not-random-enough number generation. (Check out an excellent article by a pair of Intel engineers for a good explanation of why random numbers are important and how to derive them from the workings of a computer processor.)

I'll paste RSA's complete missive below. They seem to be promising a more in depth view in a blog later. But I guess that wasn't ready. In the mean time, they suggest you read Dan Kaminsky's blog on the subject. (Kaminsky's the guy who found a hole in the Domain Name System a few years back.) 

From RSA:

On February 14, 2012, a research paper was submitted for publication stating that an alleged flaw has been found in the RSA encryption algorithm. Our analysis confirms to us that the data does not point to a flaw in the algorithm, but instead points to the importance of proper implementation, especially regarding the exploding number of embedded devices that are connected to the internet today.

We welcome this form of research into security technologies in general, as it contributes to better overall security for everyone. The RSA algorithm has withstood such scrutiny for decades from multiple sources. But good cryptography, including RSA’s, depends on proper implementation. True random number generation underpins nearly all cryptographic algorithms and protocols, and must be performed with care to protect against the weakening of well-designed cryptography.

Our analysis of the data points to the need for better care in implementation, generally tied to embedded devices. We see no fundamental flaw in the algorithm itself, and urge all cryptography users to ensure good implementation and best practices are followed.

For more detailed analysis of the report by an independent party, please visit this blog written by Dan Kaminsky.

The Tech Alert Newsletter

Receive latest technology science and technology news & analysis from IEEE Spectrum every Thursday.

About the Tech Talk blog

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.