RSA: encryption algorithm is safe

The RSA algorithm is safe, says Bret Hartman, the technical director of RSA. Research showed that two out of every thousand RSA keys are not secure, but the fault does not lie in the algorithm itself, Hartman emphasizes: the error is in the implementation.

Hartman, chief technology officer at RSA, said this to Tweakers.net at the RSA Conference in San Francisco this week. RSA is the company that developed, among other things, the well-known RSA algorithm, which is widely used for encrypting communications. Two weeks ago, research was presented which showed that two out of every thousand RSA keys offer no security. The researchers examined 7.1 million RSA keys to reach this conclusion.

The keys were unsafe because they share one or more prime factors. RSA keys are based on prime numbers and consist of a public and a private key. “The algorithm by which keys are generated has been extensively researched, and no vulnerabilities have ever been found,” says Hartman. Unsafe keys are, according to him, the result of an improper implementation; the algorithm is open, so anyone can develop software that generates keys.

The problem with insecure keys is that they are not random enough. “That could also be down to the underlying operating system,” said Hartman, when the operating system's random number generator is less random than thought.
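As an added illustration (not code from the article or from the researchers), the following Python example audits an inventory of your own RSA public moduli for the shared-prime-factor weakness described above, using a product and remainder tree so the check scales beyond comparing keys pair by pair. The key labels and toy moduli are constructed for the example; real moduli would come from your own certificates or key store.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of pairwise products; the last level holds the product of all values."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree

def batch_gcd(moduli):
    """For each modulus n_i, return gcd(n_i, product of all the other moduli)."""
    tree = product_tree(moduli)
    rems = tree.pop()  # root: the product P of every modulus
    while tree:
        level = tree.pop()
        # Push P down the tree, reducing modulo the square of each node.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # (P mod n_i^2) / n_i is congruent to P / n_i modulo n_i.
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]

def audit(keys):
    """keys maps a label to an RSA modulus; returns findings for weak keys only."""
    findings = {}
    for label, n, g in zip(keys, keys.values(), batch_gcd(list(keys.values()))):
        if g == n:
            findings[label] = "duplicate modulus or every factor shared"
        elif g != 1:
            findings[label] = "shares a prime factor"
    return findings

# Constructed toy inventory: real RSA primes are hundreds of digits long.
SAMPLE_KEYS = {
    "web": 1009 * 1013,
    "mail": 1009 * 1019,     # reuses the prime 1009 from "web"
    "vpn": 1021 * 1031,
    "backup": 1033 * 1039,   # independent primes, should not be flagged
    "vpn-old": 1021 * 1031,  # same modulus as "vpn"
}

if __name__ == "__main__":
    for label, finding in audit(SAMPLE_KEYS).items():
        print(f"{label}: {finding}")
```

Any flagged key should be regenerated on a system with a properly seeded random number generator and its certificate replaced.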

The researchers' finding that generating single-secret keys is safer than generating multi-secret keys is, according to Hartman, a comparison of apples and oranges. “A single-secret key can be completely random,” explains Hartman. “Multi-secret keys are related to each other and therefore cannot be totally random.”

In theory, single-secret cryptography is therefore safer, because the keys are more unique, but such keys are not suitable for some purposes: the idea is that anyone with a certain key can decrypt the communication. That key must therefore be shared, which is not always practical. In multi-secret cryptography there are two keys that belong together, a public and a private key. Only the public key is needed to encrypt messages; to decrypt them, the private key is needed. This principle is used, for example, in SSL and TLS.

According to Hartman, companies and organizations that use public key cryptography would do better to worry about the safe storage of keys. “Issues with cryptography often have to do with the way keys are handled, and not with the algorithm itself,” he says. Private keys are stolen, for example, so that the encryption can be broken without anything being wrong with the algorithm itself.

That is not to say that there are no dangers for the RSA algorithm. “In the long term, quantum computing, for example, could be a danger,” says Hartman. Computers would become so powerful that they could break the encryption. It is therefore already important to enforce a minimum key length: RSA keys of 512 bits can already be cracked.