
This is page 2 of:

New Retail Crypto Hole: Check Your Keys Now

February 15th, 2012

It gets worse. “More seriously, we stumbled upon 12,720 different 1024-bit RSA moduli that offer no security. Their secret keys are accessible to anyone who takes the trouble to redo our work. Assuming access to the public key collection, this is straightforward compared to more traditional ways to retrieve RSA secret keys.

“What surprised us most is that many thousands of 1024-bit RSA moduli, including thousands that are contained in still valid X.509 certificates, offer no security at all. This may indicate that proper seeding of random number generators is still a problematic issue,” the report said.

The paper points out some issues that need attention, but it also overreaches, such as when it says that “0.2 percent of the keys offer no security.” Actually, they offer roughly the same security as the lock on your front door: it will discourage millions of casual walk-ins, even though it won’t stop a professional thief who has targeted your house.

The major retail security exec said she had a plan for minimizing her chain’s exposure. “My first-glance reaction is not to panic needlessly. I plan to wait for researchers to identify a key generation system that avoids the current pitfalls, then rotate my keys on their normal schedule. I might exercise a ‘compromised key scenario’ for practice, but not out of fear. That would all change if the facts get worse, of course.”

The retail security exec said the cause of the problem is partly sloppy retail IT procedures. The chains put at risk by that sloppiness will likely remain at risk after the fixes are published, because the same sloppiness is likely to recur.

“The weak keys and collisions were likely caused by using the default configurations of some key generators and (that chain’s IT team) not properly following directions to install it in a secure fashion. This means they likely did not properly seed their random number generators,” she said. “Someone will identify these poor configurations and publish them. This will allow organizations to check their systems and, if their configuration is the same, they should reconfigure their key generation system and replace all their keys. Many shops who originally failed to follow the instructions for careful installation of their systems will also fail to heed these warnings.”
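As an added illustration of the two points above (shared primes making keys recoverable, and improperly seeded generators as the cause), the following is example code written for this page, not code from the article or from the paper it quotes. It uses a constructed toy key generator with 20-bit primes whose first prime comes from a low-entropy seed, then runs the kind of gcd scan an organization could apply to its own public-key collection; the seed values and prime sizes are assumptions chosen to keep the example fast.

```python
# Added example (not from the article or the paper it quotes): toy RSA moduli
# from a constructed generator whose first prime comes from a low-entropy seed,
# so deployments sharing that seed share a prime; a gcd scan then exposes them.
import random
from itertools import combinations
from math import gcd, isqrt

def is_prime(n):
    """Trial division; adequate for the toy 20-bit primes used here."""
    return n >= 2 and all(n % d for d in range(2, isqrt(n) + 1))

def random_prime(rng, bits=20):
    """Draw odd candidates of exactly `bits` bits from rng until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(cand):
            return cand

def generate_modulus(low_entropy_seed, key_index):
    """p is drawn from a PRNG seeded only with `low_entropy_seed` (an unseeded
    generator at boot); q from a per-key stream (entropy that arrives later)."""
    p = random_prime(random.Random(low_entropy_seed))
    q = random_prime(random.Random(1000 + key_index))
    return p * q

def find_shared_factors(moduli):
    """Pairwise gcd over a key collection: a gcd strictly between 1 and the
    modulus is a shared prime, so both moduli factor at once. O(n^2) for
    clarity; large collections use a product-tree batch gcd instead."""
    weak = {}
    for (i, a), (j, b) in combinations(enumerate(moduli), 2):
        g = gcd(a, b)
        if 1 < g < min(a, b):
            weak.setdefault(i, g)
            weak.setdefault(j, g)
    return weak

def recover_factors(n, shared_prime):
    """Return (p, q) given a modulus and one known prime (the leaked private material)."""
    q, rem = divmod(n, shared_prime)
    if rem:
        raise ValueError("prime does not divide modulus")
    return (shared_prime, q)

if __name__ == "__main__":
    seeds = [1, 2, 1, 3]  # keys 0 and 2 started from the same low-entropy seed
    moduli = [generate_modulus(s, i) for i, s in enumerate(seeds)]
    for idx, p in find_shared_factors(moduli).items():
        print(f"key {idx}: weak, factors {recover_factors(moduli[idx], p)}")
```

Only the keys that started from the same seed are flagged; keys with distinct seeds share no factor and pass the scan, which is the check the exec's “reconfigure and replace” advice presupposes.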

Any security risk is only dangerous to the extent that cyberthieves have the means to exploit the hole and, indeed, do so. “Some bad guys are likely to begin trying to replicate their work, if they haven’t already. But it will take them some amount of time before they hit a goldmine. There may be a few weak keys identified rapidly, leading to a couple of minor public embarrassments,” the retail cryptography expert said. “If it’s revealed that a certificate authority’s signing key was among those compromised, that will be big news, along the lines of the now-defunct DigiNotar. If you currently use 1024-bit RSA keys, it’s likely the future recommendation will be to replace them with 2048-bit (or larger) keys. Some shops will react very quickly and are probably replacing every key this week. There will be minor fallout as some mistakes will be made in the rush.”

She also had a good suggestion: “This is a good time to review your ‘Key Compromise Plan.’ You did create a Key Compromise Plan as a part of your PCI compliance work, didn’t you?” she asked. “If you received a notification from the SSL Observatory to replace your weak keys, and haven’t acted upon it yet, do so now. There will likely be recommendations forthcoming to re-install updated versions of certain key generating software packages, and to generate new keys after they’ve been installed. That will likely be the best time to act.”

Considering how much effort has already gone into rainbow tables and the like, we can be reasonably sure there are currently thieves who have created those tools and are running them on every public key they can find. That means for the one in 500 at risk, they really are at risk.

