Wednesday, August 07, 2013

RSA and DH heading for a fall?





Recent advances in crypto math are worrying the security community.







  1. http://www.technologyreview.com/news/517781/math-advances-raise-the-prospect-of-an-internet-security-crisis/
  2. http://www.slideshare.net/astamos/bh-slides
  3. http://arstechnica.com/security/2013/08/crytpo-experts-issue-a-call-to-arms-to-avert-the-cryptopocalypse/
In many cases, signs of weakness in an algorithm indicate a fatal flaw that will eventually be cracked completely open, in other cases, it seems to me, an advance runs up against some other insurmountable obstacle, so maybe its still too early to hold an expectation about a crptpocalypse. (Although I like the term and wish I thought of it.)  Its not aways the case that attacks on math only get better, but, probably, and we should assume they will.

I would not dispute that this is another warning sign about the long-term stability, viability and resilience of our current global PKI.  There are any number of insights about problems at many levels of the PKI stack, and adding fundamental crypto to that list reinforces that we need to be thinking about a more robust, flexible, crypro-agile architecture.

No comments: