RSA standard vulnerable, says founder

Millions of computers running the RSA security standard to enrycpt data could be vulnerable to hacking attacks following the discovery of a flaw in a popular microprocessor by one of the RSA standard's founders.

Adi Shamir - the "S" in RSA - revealed a mathematical error which would make it possible for an attacker to break the protection of public key cryptography when used against a well-known and widely used make of microprocessor.

Mr Shamir wrote in a research note that if an intelligence organisation discovered the error in the widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message".

"Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually", said Shamir.

He wrote that the increasing complexity of modern microprocessor chips was almost certain to lead to undetected errors and that because the exact design of chips were kept as trade secrets, it would be difficult to verify how many different versions of this chip contained the error.

Using RSA, a message is encrypted using a publicly known number and then unscrambled with a secret one. The technology makes it possible to exchange information securely, and is used in secure web transactions.

An attack would require knowledge only of the flaw - initiated by inputting a mathematical error - and the ability to send a "poisoned" encrypted message to a protected computer. It would then be possible to compute the value of the secret key used by the targeted system.

Mr Shamir has said he had no evidence that anyone was using an attack of the kind he had described.