RSA Cracked, CodeMeter Still Secure
2012-07-05 John Poulson
The big news for crypto-wonks this week is that an international group of researchers has cracked a portion of RSA encryption. And it's not like they had to throw supercomputers at the problem; it was cracked in under 15 minutes. You can read the whole paper here (note: not light reading).
Mostly they were interested in hardware tokens using RSA, to see if they could reveal the secret key with "padding oracle" attacks (using error messages as a side channel). Some of these tokens use smart card circuits, so the assumption is that the key is completely safe.
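The side channel mentioned above, as an added example that is not from the original post, the paper, or any token vendor: it assumes the PKCS#1 v1.5 encryption padding layout (the post does not name the scheme) and uses constructed sample blocks in place of real RSA decryption output. It compares a padding check that reports each failure separately with one that collapses every failure into a single error.

```python
# Assumption: PKCS#1 v1.5 layout 0x00 0x02 | >=8 nonzero bytes | 0x00 | payload.
K = 32  # toy block length in bytes (constructed; real moduli are far larger)

class UnwrapError(Exception): pass

def unpad_verbose(em: bytes) -> bytes:
    """Leaky check: each failure cause gets its own message."""
    if len(em) != K:
        raise UnwrapError("wrong length")
    if em[0] != 0x00:
        raise UnwrapError("leading byte not 0x00")
    if em[1] != 0x02:
        raise UnwrapError("block type not 0x02")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise UnwrapError("no separator")
    if sep < 10:
        raise UnwrapError("padding string too short")
    return em[sep + 1:]

def unpad_uniform(em: bytes) -> bytes:
    """Same rules, but every check runs and all failures look identical."""
    bad = int(len(em) != K)
    em = em.ljust(K, b"\xff")[:K]          # normalise length before scanning
    bad |= em[0] | (em[1] ^ 0x02)
    sep = seen = 0
    for i in range(2, K):                  # scan the whole block, no early exit
        is_zero = int(em[i] == 0)
        sep |= i * (is_zero & (1 - seen))  # records only the first 0x00
        seen |= is_zero
    bad |= (1 - seen) | int(sep < 10)
    if bad:
        raise UnwrapError("unwrap failed")
    return em[sep + 1:]

def observable(unpad, em):
    """What a caller of the token API can see for one submitted block."""
    try:
        unpad(em)
        return "ok"
    except UnwrapError as e:
        return str(e)

# Constructed sample blocks: one valid, five malformed in different ways.
GOOD = b"\x00\x02" + b"\xaa" * 13 + b"\x00" + b"K" * 16
SAMPLES = [GOOD, b"\x01" + GOOD[1:], b"\x00\x01" + GOOD[2:],
           b"\x00\x02" + b"\xaa" * 30, b"\x00\x02\xaa\xaa\x00" + b"K" * 27, GOOD[:-1]]

def distinct_outcomes(unpad):
    return {observable(unpad, em) for em in SAMPLES}
```

The verbose check yields six distinguishable responses over these samples, the uniform one only two. Python gives no timing guarantees, so this shows the error-message side of the leak only.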
The devices they cracked were (and the time required):
- Aladdin eTokenPro (21 minutes)
- Gemalto Cyberflex (92 minutes)
- RSA Securid 800 (13 minutes)
- Safenet Ikey 2032 (88 minutes)
- Siemens CardOS (21 minutes)
CodeMeter, of course, uses a smart card chip as its core. So is there a concern?
The good news is no. No worries. CodeMeter doesn't rely on RSA for encryption, although we make it available optionally for those customers who want to use it. CodeMeter uses AES 256-bit for basic encryption and ECC for encrypting the communication channel between the hardware and the operating system.
By the way, the researchers asked the manufacturers of the cracked tokens for a response. The most common one was along the lines of "Oops."
Sr. Account Manager
John went to work back in 1987 for what arguably might be the first company in the world to offer a way of protecting software with hardware. This company developed a "back-plane" device to protect a proprietary operating system for a Data General computer. He has since worked for several software security / licensing companies and, beginning in 1999, with Wibu-Systems. He has seen the technology move from simple laser holes burned into 5-1/4" floppy disks to the innovative, sophisticated, encryption-based smart card technology first introduced to the world in the CodeMeter platform.