New Retail Crypto Hole: Check Your Keys Now

Written by Frank Hayes and Evan Schuman
February 15th, 2012

A new cryptographic hole revealed this week will impact one in 500 encryption keys, will be fairly hard for cyberthieves to find and will almost certainly be patched quickly. Still, it raises fundamental questions about encryption reliance. The group of cryptography researchers described an encryption hole that hits RSA especially hard, and at least one major chain is taking this very seriously.

Although the flaw involves encryption key components that are supposed to be unique, an examination by the SSL Observatory found them to be far from it. One security specialist at a major retailer said his chain was studying the report but found no reason to panic. “My opinion is that we are safe, for at least a little while. Even if our keys shared a modulus with someone else, the researchers notified everyone affected they could find, and most retailers are pretty easy to find,” said the retail cryptographer, who asked that her name not be used. “The bigger concern is internal keys, ones they couldn’t survey. Without their data of ‘weak keys,’ we can’t be sure we aren’t using any. But they can’t responsibly publish the list. All owners of certificates do not know today if their keys are weak or not, and they have no way of finding out just by examining them.”

While stressing that the chance for this flaw to be used by bad guys was remote, the security specialist said that if it is used, the implications are pretty frightening. “Think what this means for PCI. A bad guy who has secretly been recording encrypted traffic to retailers, and with the resources to replicate this research, now has the possibility of decrypting it,” she said.

The researchers stressed that they tried to contact many victims—including many retailers—but that problems with contact information on security certificates (shocked we are that security certificates aren’t as helpful as the vendors say they are) made it difficult. The retail security exec echoed those concerns. “Some owners of certificates have been notified that their keys are weak and some of those have taken action. But more than half of the most seriously affected certificate owners did not even acknowledge contact by the SSL Observatory. People are still using insecure key generation mechanisms to generate new certificates.”

Bruce Schneier, a security consultant and bestselling author of several cryptography and security books, described the newly reported hole as “probably not significant. The bad guys would have to replicate the experiment and find the weak keys.”

The security report—available in full geeky details—lays out the mathematical problem. “More worrisome is that, among the 4.7 million distinct 1024-bit RSA moduli that we had originally collected, more than 12,500 have a single prime factor in common. That this happens may be crypto-folklore, but it was new to us, and it does not seem to be a disappearing trend. In our current collection of 7.1 million 1024-bit RSA moduli, almost 27,000 are vulnerable, and 2048-bit RSA moduli are affected, as well. When exploited, it could affect the expectation of security that the public key infrastructure is intended to achieve.”

It wasn’t only RSA encryption that was at issue, but the report said it was the most at risk. “Among the ElGamal and DSA keys, we found a few duplicates with unrelated owners. This is a concern because, if these owners find out, they may breach each other’s security. It pales, however, compared to the situation with RSA. Of 6.6 million distinct X.509 certificates and PGP keys containing RSA moduli, [270,000] share their RSA modulus, often involving unrelated parties. Of 6.4 million distinct RSA moduli, 71,052 occur more than once, some of them thousands of times.”


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.