Thursday, February 16, 2012

Some Encryption Keys Vulnerable, Researchers Say

Researchers at the Jacobs School of Engineering at UC San Diego and at the University of Michigan recently announced that they were able to compromise one in every 250 public encryption keys used for SSL website security on the Internet. The security flaw mainly affects embedded devices such as routers and VPN devices, as opposed to popular web sites.  The main issue was that the encryption keys weren’t generated as randomly as they should have been, allowing potential attackers to efficiently discover devices’ private keys.
Nadia Heninger, a postdoctoral researcher in the computer science department at the Jacobs School of Engineering, and colleagues Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan plan to publish their results after they have contacted the manufacturers of the vulnerable devices to alert them of the flaw.
More on the study and on how the researchers broke the encryption keys here.
Read an item for the University of Michigan here.