
It is doubtful whether current encryption methods will protect against data thieves for much longer.

Experts warn of serious problems with current security technologies. Alex Stamos, CTO of the IT security company Artemis, concludes from a study of current cryptography publications: “It is not very likely, but entirely possible, that both the RSA and Diffie-Hellman encryption methods will no longer be useful in four to five years.” RSA and Diffie-Hellman are two of the most common encryption methods on the Internet.

They are used for online banking, e-commerce and e-mail traffic, and they ensure that software updates can be verified as genuine. RSA and Diffie-Hellman ciphers are based on so-called discrete logarithms, a part of mathematical group theory. Computing discrete logarithms, and thereby cracking the encryption, is practically impossible with classical algorithms on normal computers because of the computational effort involved. However, experts do not rule out that “fast algorithms” could soon be formulated that solve the problem quickly. “We are relying on the fact that no one can find such an efficient algorithm,” says Javed Samuel, cryptography expert at the security consultancy iSEC Partners. “Should it be found, the cryptosystem is broken.”
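To make the dependence on discrete logarithms concrete for Diffie-Hellman, here is an added example (not part of the original article): a key exchange in a toy 31-bit group, together with the generic textbook baby-step giant-step solver. The prime, generator and private keys are constructed values, and the solver is not the research technique the article refers to; it needs about √p steps, which is feasible here and hopeless against 2048-bit parameters.

```python
# Added illustration: toy Diffie-Hellman and a generic discrete-log solver.
# All parameters are constructed for this example and far too small for real use.
from math import isqrt

P = 2_147_483_647  # toy prime modulus 2**31 - 1 (constructed example value)
G = 7              # primitive root modulo P


def dh_public(private):
    """Public value g^x mod p that a party sends over the network."""
    return pow(G, private, P)


def dh_shared(their_public, my_private):
    """Shared secret (g^y)^x mod p computed by each party."""
    return pow(their_public, my_private, P)


def discrete_log(target, g=G, p=P):
    """Baby-step giant-step: return x with g^x == target (mod p).

    Cost is about sqrt(p) multiplications and table entries, so every
    extra bit of group size multiplies the work by roughly sqrt(2).
    """
    m = isqrt(p - 1) + 1
    baby = {}                      # g^j -> j for 0 <= j < m
    cur = 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * g % p
    giant = pow(g, -m, p)          # g^(-m) mod p (Python 3.8+)
    gamma = target % p
    for i in range(m):             # test target * g^(-i*m) against the table
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    raise ValueError("target is not a power of g")


def secret_from_public_values(alice_private, bob_private):
    """Return (real shared secret, secret rebuilt from public values only)."""
    a_pub, b_pub = dh_public(alice_private), dh_public(bob_private)
    real = dh_shared(b_pub, alice_private)
    recovered_private = discrete_log(a_pub)   # uses only the public a_pub
    return real, dh_shared(b_pub, recovered_private)
```

In this 31-bit group the solver finishes after roughly 46,000 table entries; the same generic method against a 2048-bit prime would need on the order of 2^1024 steps.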

Earlier this year, the French mathematician Antoine Joux published two papers that make the discovery of an appropriate algorithm likely. “This is a huge thing,” said Samuel. For the past 25 years there has been little progress in this area. “It will encourage researchers to study the problem and very likely lead to further progress by themselves.”

As the reason for his forecast, Samuel cites the fact that Joux did not apply any unusual mathematical techniques to the problem. Instead, he worked with known methods that had simply not been used on discrete logarithms before. “If Joux or someone else publishes a breakthrough, it may take a day or two to implement the solution in practice,” says Stamos, who recently presented the findings together with Samuel at the Black Hat security conference in Las Vegas.

Stamos therefore advises the industry to move away from RSA and Diffie-Hellman and turn to elliptic curve cryptography (ECC). This relatively new method is based on more difficult variants of discrete logarithms.

The U.S. intelligence agency NSA has recommended ECC for several years. In 2005 it published a collection of ECC programs for the U.S. government under the name Suite B. Internally, the NSA is said to use the secret Suite A, which is probably also ECC-based. The Russian government no longer works with RSA, but uses its own ECC system.

The first ECC implementations were developed and patented by the company Certicom. In 2009 the smartphone manufacturer BlackBerry took over the company. Anyone who wants to use ECC, the U.S. government included, must pay royalties to BlackBerry. Stamos called on BlackBerry to release certain applications of the Certicom patents now, for example within Suite B. Significant revenue would still be possible from other ECC applications. Should it come to a “crypto-apocalypse”, the U.S. government would probably declare the patents invalid anyway for reasons of national security, Stamos argues.

In the security industry there is also speculation that the NSA has already cracked the current encryption methods. The Flame malware, discovered in 2012, already contained mathematical methods for breaking the encryption with which the authenticity of Microsoft updates is checked. It is believed that Flame was developed on behalf of a government, possibly that of the U.S. “I do not think they are ahead of us,” counters Moxie Marlinspike of Whisper Systems, however. His company develops apps for encrypting calls and text messages on smartphones. The U.S. authorities simply pay too badly for such a breakthrough, he says; the biggest crypto talents therefore go into industry. (Tom Simonite) / (bsc)