The Stronger The Key Used To Encode Files, The Easier It Is To Find

March 10, 1999

They may look harmless but screensavers could betray you while you're out at lunch. Two cryptographers have discovered that the randomness of the "keys" that are used to encode encrypted documents could be their downfall.

The discovery was made by Adi Shamir at the Weizmann Institute of Science in Rehovot, Israel, joint inventor of the widely used RSA public key cryptography system, and Nicko van Someren of nCipher, a British electronic security company based in Cambridge. The more random a private signature key is, the harder it is to crack encrypted files. But by scanning hard drives for chunks of data that are particularly random, the pair found that it is possible to weed out keys stored on a disc.

Most programs organise data into some sort of level of structure, so blocks of randomness stand out and can be spotted with the same ease that a human eye can tell the difference between a good TV picture from one with lots of interference. According to van Someren, this means that even though the keys take up a mere kilobyte of memory, it could take as little as 40 minutes to find a signature key on a modern 10-gigabyte hard drive.

"It would be possible to write a program that searches the hard disc automatically and sends the key to the villain," says van Someren. This, he says, could be carried out by a virus that runs only when the screensaver is on, making it extremely difficult for the user to detect. A running screensaver could contain viral code that would tell a hacker when the user is away from their desk-and thus wouldn't notice the computer slowing down as the virus hunts for keys.

The possibility highlights the need to keep signature keys safe, says Phil Zimmermann, who wrote Pretty Good Privacy (PGP), a popular encryption program that is reckoned to be hard to crack. "Users must never leave their private key exposed in a non-secure environment," he says. "This is as obvious as not leaving your wallet unattended on a bus bench."

Any worthwhile encryption program encrypts the key before storing it, making it useless if found. However, a "swap" file-a temporary file stored on the hard disc-may still hold the key in its unencrypted form, allowing it to be detected by hackers. There are ways to combat this sort of attack, such as overwriting swap files as the PGP program does. But some encryption systems are vulnerable, particularly those on Web servers where the keys are constantly in use.
-end-
Author: Duncan Graham-Rowe New Scientist issue 13 March 99

PLEASE MENTION NEW SCIENTIST IF YOU USE THIS ARTICLE.



New Scientist

Related Data Articles from Brightsurf:

Keep the data coming
A continuous data supply ensures data-intensive simulations can run at maximum speed.

Astronomers are bulging with data
For the first time, over 250 million stars in our galaxy's bulge have been surveyed in near-ultraviolet, optical, and near-infrared light, opening the door for astronomers to reexamine key questions about the Milky Way's formation and history.

Novel method for measuring spatial dependencies turns less data into more data
Researcher makes 'little data' act big through, the application of mathematical techniques normally used for time-series, to spatial processes.

Ups and downs in COVID-19 data may be caused by data reporting practices
As data accumulates on COVID-19 cases and deaths, researchers have observed patterns of peaks and valleys that repeat on a near-weekly basis.

Data centers use less energy than you think
Using the most detailed model to date of global data center energy use, researchers found that massive efficiency gains by data centers have kept energy use roughly flat over the past decade.

Storing data in music
Researchers at ETH Zurich have developed a technique for embedding data in music and transmitting it to a smartphone.

Life data economics: calling for new models to assess the value of human data
After the collapse of the blockchain bubble a number of research organisations are developing platforms to enable individual ownership of life data and establish the data valuation and pricing models.

Geoscience data group urges all scientific disciplines to make data open and accessible
Institutions, science funders, data repositories, publishers, researchers and scientific societies from all scientific disciplines must work together to ensure all scientific data are easy to find, access and use, according to a new commentary in Nature by members of the Enabling FAIR Data Steering Committee.

Democratizing data science
MIT researchers are hoping to advance the democratization of data science with a new tool for nonstatisticians that automatically generates models for analyzing raw data.

Getting the most out of atmospheric data analysis
An international team including researchers from Kanazawa University used a new approach to analyze an atmospheric data set spanning 18 years for the investigation of new-particle formation.

Read More: Data News and Data Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.