List: isn
Subject: [ISN] Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys?
From: InfoSec News <alerts () infosecnews ! org>
Date: 2015-10-22 9:14:30
Message-ID: alpine.DEB.2.02.1510220914200.31515 () infosecnews ! org
http://arstechnica.com/security/2015/10/breaking-512-bit-rsa-with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys/
By Dan Goodin
Ars Technica
Oct 20, 2015

The cost and time required to break 512-bit RSA encryption keys has
plummeted to an all-time low of just $75 and four hours using a recently
published recipe that even computing novices can follow. But despite the
ease and low cost, reliance on the weak keys to secure e-mails,
secure-shell transactions, and other sensitive communications remains
alarmingly high.

The technique, which uses Amazon's EC2 cloud computing service, is
described in a paper published last week titled Factoring as a Service.
It's the latest in a 16-year progression of attacks that have grown ever
faster and cheaper. When 512-bit RSA keys were first factored in 1999, it
took a supercomputer and hundreds of other computers seven months to carry
out. Thanks to the edicts of Moore's Law—which holds that computing power
doubles every 18 months or so—the factorization attack required just seven
hours and $100 in March, when "FREAK," a then newly disclosed attack on
HTTPS-protected websites with 512-bit keys, came to light.

In the seven months since FREAK's debut, websites have largely jettisoned
the 1990s era cipher suite that made them susceptible to the factorization
attack. And that was a good thing since the factorization attack made it
easy to obtain the secret key needed to cryptographically impersonate the
webserver or to decipher encrypted traffic passing between the server and
end users. But e-mail servers, by contrast, remain woefully less
protected. According to the authors of last week's paper, the RSA_EXPORT
cipher suite is used by an estimated 30.8 percent of e-mail services using
the SMTP protocol, 13 percent of POP3S servers, and 12.6 percent of
IMAP-based e-mail services.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/