Home » Topics » Cybersecurity » Public encryption keys ‘are no longer secure’

Public encryption keys ‘are no longer secure’

Avatar photoby Ben Rossi

Keys used for the vast majority of encryption systems – including ecommerce – are no longer secure. A paper by Daniel Bernstein, an associate professor at the University of Illinois at Chicago, has shown that it is possible to build a computer that could break the vast majority of encryption keys in minutes.

Most publicly-used encryption technology, such as that used in secure web traffic, logon accounts for servers, Internet protocol (IP) traffic, Pretty Good Privacy (PGP) encryption and signed emails, relies on “keys” – very large numbers – one of which is privately held and one which is available to the public.

Someone sending a message to someone else encrypts the message using the recipient’s public key, the recipient using his or her private key to decipher the original message.

The system relies on the largeness of the public key, which can often contain as many as 128 digits, for its integrity. In order to break the key, a computer must be able to calculate the prime factors of the public key, a task which was previously regarded as impractical for large numbers.

However, Bernstein’s analysis has shown that it is possible to build a computer capable of performing the task in only a few minutes, meaning that encrypted traffic that uses such systems could be deciphered.

Security expert Bruce Schneier says that although using commercially available parts to build the computer would push the price of fabrication to between $100 million (€114m) and $1 billion (€1.14bn), the costs would drop with access to custom-built chips.

“The inescapable conclusion is that the NSA [National Security Agency], its major foreign intelligence counterparts, and any foreign commercial competitors provided with commercial intelligence by their national intelligence services have the ability to break on demand any and all 1024-bit (128-digit) public keys,” said security advocate Lucky Green.

He also pointed out that security agencies regularly launch intelligence satellites costing $2 billion (€2.28bn), so the price of building such a computer would not be so daunting to them.

Separately, a group of security specialists have announced that they have built software that can break 64-digit keys in only six weeks using hardware commonly found in the average office.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Encryption

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise