Researchers crack SecurID tokens within 15 minutes — update 2


French security researchers have developed a method by which SecurID 800 tokens can be cracked within fifteen minutes. A number of other cryptographic tokens that store RSA keys are also vulnerable.

Among the vulnerable tokens are the RSA SecurID 800 tokens. A number of other tokens that use the same protocol are vulnerable as well, however. These include tokens from the Dutch company Gemalto, but also the national identity card of Estonia.

The devices are used to store secret cryptographic keys that can be used to verify a person's identity. In practice, for example, an additional code is displayed that is generated on the basis of the key and that must be entered when logging on to a system, in addition to username and password.

The French security researchers managed to abuse a vulnerability in the cryptographic wrapper to extract the cryptographic key, their report shows. In doing so, they used a method that has been known since 1998 but was until now considered unusable in practice, because it would take a very long time before the key was recovered. By tweaking the method, they managed to bring the time needed to crack the tokens down to about 13 minutes.

Last year, hackers managed to break into the systems of RSA, where they captured information about the workings of key generators.

Update, Wednesday 11:42: According to Marcel Snippe of RSA, the vulnerability is already known, and it is not for nothing that switching to a new, safer version of the PKCS standard is recommended. In addition, the attack is impractical, says Snippe: an attacker must have access to a person's SecurID 800 token and the user's PIN code. In that case the attacker already has full access anyway, Snippe states.

Update, Friday 13:11: RSA stressed that the hack does not make it possible to obtain the keys stored on the device.