An international group of researchers has cracked a portion of the RSA encryption algorithm. Should users of CodeMeter be concerned?
The big news for crypto-wonks this week is that an international group of researchers has cracked a portion of RSA encryption. And it's not like they had to throw supercomputers at the problem; it was cracked in under 15 minutes. You can read the whole paper here (note: not light reading).
Mostly they were interested in hardware tokens using RSA, to see whether they could reveal the secret key with "padding oracle" attacks (using error messages as a side channel). Some of these tokens use smart card circuits, so the assumption is that the key is completely safe.
The devices they cracked (and the time required) were:
Aladdin eTokenPro (21 minutes)
Gemalto Cyberflex (92 minutes)
RSA Securid 800 (13 minutes)
Safenet Ikey 2032 (88 minutes)
Siemens CardOS (21 minutes)
CodeMeter, of course, uses a smart card chip as its core. So is there a concern?
The good news is no. No worries. CodeMeter doesn't rely on RSA for encryption, although we make it available optionally for those customers who want to use it. CodeMeter uses AES 256-bit for basic encryption and ECC for encrypting the communication channel between the hardware and the operating system.
By the way, the researchers asked the manufacturers of the cracked tokens for a response. The most common one was along the lines of "Oops."
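To make the "error messages as a side channel" point concrete, here is an added example (not code from the paper, the token vendors or CodeMeter) that puts an unwrap routine with distinguishable errors next to one that answers every request the same way. It assumes PKCS#1 v1.5-style padding, which the post does not name, and uses a constructed toy key; all function names are hypothetical, and the uniform-response fix shown is a common mitigation, not one attributed to any vendor.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes (30)
REJECT_SECRET = secrets.token_bytes(32)  # per-device secret for the hardened path

def wrap(key: bytes) -> int:
    """Encrypt as 00 02 <nonzero random padding> 00 <key>."""
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(key)))
    return pow(int.from_bytes(b"\x00\x02" + ps + b"\x00" + key, "big"), E, N)

def parse(em: bytes):
    """Return the payload, or None if the padding is malformed."""
    sep = em.find(b"\x00", 2)            # first zero byte after the 00 02 header
    if em[:2] != b"\x00\x02" or sep < 10:  # need at least 8 padding bytes
        return None
    return em[sep + 1:]

def unwrap_leaky(c: int, want_len: int = 16) -> bytes:
    """Weak form: each failure cause gets its own error, which is the oracle."""
    key = parse(pow(c, D, N).to_bytes(K, "big"))
    if key is None:
        raise ValueError("padding error")
    if len(key) != want_len:
        raise ValueError("wrong key length")
    return key

def unwrap_hardened(c: int, want_len: int = 16) -> bytes:
    """Implicit rejection: any failure yields a pseudo-random key, never an error."""
    key = parse(pow(c, D, N).to_bytes(K, "big"))
    fake = hmac.new(REJECT_SECRET, c.to_bytes(K, "big"), hashlib.sha256).digest()[:want_len]
    # Python gives no constant-time guarantee; this shows response uniformity only.
    return key if key is not None and len(key) == want_len else fake

def outcome(unwrap, c: int) -> str:
    """What a caller submitting ciphertext c can observe."""
    try:
        return "ok:%d" % len(unwrap(c))
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    bad = pow(int.from_bytes(b"\x00\x01" + b"\xff" * (K - 2), "big"), E, N)  # constructed
    for fn in (unwrap_leaky, unwrap_hardened):
        print(fn.__name__, outcome(fn, bad), outcome(fn, wrap(b"short")))
```

With the leaky routine the caller can tell a padding failure from a length failure; with the hardened one, both malformed inputs come back looking like a successful unwrap of an unrelated key.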