As the Edward Snowden situation continues to be at the fore of many a security expert’s mind, cryptographers and other self-styled crypto experts, along with security experts and hackers (many of whom were at the Black Hat security conference recently), warn of a coming cryptopocalypse (crypto apocalypse).
Basically, say the experts, the cryptopocalypse will occur because all of the currently employed cryptography out there is being overtaken by the blinding speed at which decryption algorithms are advancing; experts say that after glacial advances over the past many years, there has been a stunning advance in decryption over the last several months. This is seriously compounded by the fact that most of the cryptography out there is not designed in a way that it can be “upgraded” (for lack of a better word), meaning that in order to resist the more advanced algorithms that will be attacking it, it needs a brand new cryptography system.
According to researchers Tom Ritter, Alex Stamos, Thomas Ptacek, and Javed Samuel, who presented their findings at the Black Hat conference, the current state of cryptography being used in the field is not easy to ‘upgrade’ to fend off attacks using the new breeds of decryption that are evolving now, which means that there could be a moment in time – the cryptopocalypse – when large swaths of data on the Internet, previously secured, fall prey to an attack.
As the four explain in their talk abstract, “The last several years has seen an explosion of practical exploitation of widespread cryptographic weaknesses, such as BEAST, CRIME, Lucky 13 and the RC4 bias vulnerabilities. The invention of these techniques requires a lot of hard work, deep knowledge and the ability to generate a pithy acronym, but rarely involves the use of a completely unknown weakness. Cryptography researchers have known about the existence of compression oracles, RC4 biases and problems with CBC mode for years, but the general information security community has been unaware of these dangers until fully working exploits were demonstrated.”
They go on to say that their research focuses on “the latest breakthroughs in discrete mathematics and their potential ability to undermine our trust in the most basic asymmetric primitives, including RSA.”
Ritter, Stamos, Ptacek and Samuel are urging the computer industry to address this possible security weakness now, first by making sure that systems that use cryptography are able to update and upgrade as advances in cryptography happen. Second, they say that the industry should adopt a new type of encryption algorithm known as elliptic curve cryptography (ECC).
Going into the details and technicalities of both the current state of cryptography and encryption algorithms and the newer ECC is beyond the scope of this article, but if you are curious to know more, you can read a much more detailed write-up of the technical side over at Ars Technica.