http://www.nytimes.com/2007/11/17/technology/17code.html By John Markoff The New York Time November 17, 2007 SAN FRANCISCO, Nov. 16 — One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk. Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors. Historically, the risk has been demonstrated in incidents like the discovery of an obscure division bug in Intel’s Pentium microprocessor in 1994 and, more recently, in a multiplication bug in Microsoft’s Excel spreadsheet program, he wrote. A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography. Using this approach, a message can be scrambled using a publicly known number and then unscrambled with a secret, privately held number. The technology makes it possible for two people who have never met to exchange information securely, and it is the basis for all kinds of electronic transactions. Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be “trivially broken with a single chosen message.” Executing the attack would require only knowledge of the math flaw and the ability to send a “poisoned” encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system. With this approach, “millions of PC’s can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually,” Mr. Shamir wrote. [...] __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Sun Nov 18 2007 - 23:40:42 PST