Millions of computers running the
RSA security standard to encrypt data could be vulnerable to
hacking attacks following the discovery of a flaw in a popular
microprocessor by one of the RSA standard's founders.
Adi Shamir - the "S" in RSA - revealed a mathematical error which would make
it possible for an attacker to break the protection of public key
cryptography when used against a well-known and widely used make of
microprocessor.
Mr Shamir wrote in a research note that if an intelligence
organisation discovered the error in the widely used chip, then
security software on a PC with that chip could be "trivially broken
with a single chosen message".
"Millions of PCs can be attacked simultaneously, without having
to manipulate the operating environment of each one of them
individually", said Shamir.
He wrote that the increasing complexity of modern microprocessor
chips was almost certain to lead to undetected errors and that
because the exact design of chips was kept as a trade secret, it
would be difficult to verify how many different versions of this
chip contained the error.
Using RSA, a message is encrypted using a publicly known number and
then unscrambled with a secret one. The technology makes it
possible to exchange information securely, and is used in secure
web transactions.
An attack would require knowledge only of the flaw - initiated
by inputting a mathematical error - and the ability to send a
"poisoned" encrypted message to a protected computer. It would then
be possible to compute the value of the secret key used by the
targeted system.
Mr Shamir has said he had no evidence that anyone was using an
attack of the kind he had described.
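
A common safeguard against the kind of computation error described above is to check every private-key result with the public key before releasing it. The sketch below is an added example, not code from Shamir's note or from this article; it assumes an RSA implementation that uses the CRT speed-up, constructed toy parameters, and a hypothetical `fault_in_p_half` flag that stands in for one wrong arithmetic result from the chip.

```python
# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)         # CRT exponents
Q_INV = pow(Q, -1, P)                     # CRT coefficient


class FaultDetected(Exception):
    """The private-key result failed the public-key consistency check."""


def crt_private_op(c, fault_in_p_half=False):
    """Compute c^D mod N with the CRT speed-up (Garner recombination).

    fault_in_p_half (hypothetical switch) corrupts the mod-P half only,
    simulating a single miscalculation by the processor.
    """
    mp = pow(c, DP, P)
    mq = pow(c, DQ, Q)
    if fault_in_p_half:
        mp = (mp + 1) % P                 # stand-in for the hardware error
    h = (Q_INV * (mp - mq)) % P
    return mq + h * Q


def checked_private_op(c, fault_in_p_half=False):
    """Release the result only if re-encrypting it reproduces the input."""
    m = crt_private_op(c, fault_in_p_half)
    if pow(m, E, N) != c % N:
        # A result that is wrong in only one CRT half must never leave
        # the device: withhold it and report the fault instead.
        raise FaultDetected("private-key result inconsistent; output withheld")
    return m


if __name__ == "__main__":
    ciphertext = pow(42, E, N)            # constructed sample message 42
    print(checked_private_op(ciphertext))
    try:
        checked_private_op(ciphertext, fault_in_p_half=True)
    except FaultDetected as err:
        print("blocked:", err)
```

The extra public-key exponentiation is cheap next to the private-key operation, and it catches the fault whichever half of the computation it lands in.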