Photo: Travis Goodspeed via Flickr
That RSA device sitting on your desk? You might need to toss it.The New York Times’ John Markoff writes that a team of American and European researchers have discovered a crack in the RSA program, one of the most commonly used encryption algorithms in the world.
While the chink affects just two out of every thousand RSA sequences they looked at, the researchers fear that for dedicated hackers, the flaw may already be familiar.
RSA works using public-key encryption (“public” in this sense simply meaning “known”). In public-key encryption (which actually takes two keys), the public key can be used to encrypt information, while only the private key (the string of numbers on your RSA device) can be used to decrypt.
The RSA method of this system uses the product of two very large prime numbers and an auxiliary number as encryption keys.
In theory, the keys are randomly chosen numbers that should be impossible to guess in tandem.
But using basic principles of factoring, the researchers found cases where they were able to derive the numbers.
“The lack of sophistication of our methods and fi ndings make it hard for us to believe that what we have presented is new, in particular to agencies and parties that are known for their curiosity in such matters,” wrote the researchers in their findings.