New Retail Crypto Hole: Check Your Keys Now
Written by Frank Hayes and Evan SchumanA new cryptographic hole revealed this week will impact one in 500 encryption keys, will be fairly hard for cyberthieves to find and will almost certainly be patched quickly. Still, it raises fundamental questions about encryption reliance. The group of cryptography researchers described an encryption hole that hits RSA especially hard, and at least one major chain is taking this very seriously.
Although the flaw involves encryption key components that are supposed to be unique, an examination by the SSL Observatory found them to be far from it. One security specialist at a major retailer said his chain was studying the report but found no reason to panic. “My opinion is that we are safe, for at least a little while. Even if our keys shared a modulus with someone else, the researchers notified everyone affected they could find, and most retailers are pretty easy to find,” said the retail cryptographer, who asked that her name not be used. “The bigger concern is internal keys, ones they couldn’t survey. Without their data of ‘weak keys,’ we can’t be sure we aren’t using any. But they can’t responsibly publish the list. All owners of certificates do not know today if their keys are weak or not, and they have no way of finding out just by examining them.”
While stressing that the chance for this flaw to be used by bad guys was remote, the security specialist said that if it is used, the implications are pretty frightening. “Think what this means for PCI. A bad guy who has secretly been recording encrypted traffic to retailers, and with the resources to replicate this research, now has the possibility of decrypting it,” she said.
The researchers stressed that they tried to contact many victims—including many retailers—but that problems with contact information on security certificates (shocked we are that security certificates aren’t as helpful as the vendors say they are) made it difficult. The retail security exec echoed those concerns. “Some owners of certificates have been notified that their keys are weak and some of those have taken action. But more than half of the most seriously affected certificate owners did not even acknowledge contact by the SSL Observatory. People are still using insecure key generation mechanisms to generate new certificates.”
Bruce Schneier, a security consultant and bestselling author of several cryptography and security books, described the newly reported hole as “probably not significant. The bad guys would have to replicate the experiment and find the weak keys.”
The security report—available in full geeky details—lays out the mathematical problem. “More worrisome is that, among the 4.7 million distinct 1024-bit RSA moduli that we had originally collected, more than 12,500 have a single prime factor in common. That this happens may be crypto-folklore, but it was new to us, and it does not seem to be a disappearing trend. In our current collection of 7.1 million 1024-bit RSA moduli, almost 27,000 are vulnerable, and 2048-bit RSA moduli are affected, as well. When exploited, it could affect the expectation of security that the public key infrastructure is intended to achieve.”
It wasn’t only RSA encryption that was at issue, but the report said it was the most at risk. “Among the ElGamal and DSA keys, we found a few duplicates with unrelated owners. This is a concern because, if these owners find out, they may breach each other’s security. It pales, however, compared to the situation with RSA. Of 6.6 million distinct X.509 certificates and PGP keys containing RSA moduli, [270,000] share their RSA modulus, often involving unrelated parties. Of 6.4 million distinct RSA moduli, 71,052 occur more than once, some of them thousands of times.”
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
