RSA Cracked, CodeMeter Still Secure
2012-07-05 John Poulson
The big news for crypto-wonks this week is that an international group of researchers has cracked a portion of RSA encryption. And it's not like they had to throw supercomputers at the problem; it was cracked in under 15 minutes. You can read the whole paper here (note: not light reading).
They were mostly interested in hardware tokens that use RSA, to see whether the secret key could be revealed with "padding oracle" attacks (which use error messages as a side channel). Some of these tokens use smart card circuits, so the assumption is that the key is completely safe.
The devices they cracked, and the time required for each, were:
- Aladdin eTokenPro (21 minutes)
- Gemalto Cyberflex (92 minutes)
- RSA SecurID 800 (13 minutes)
- SafeNet iKey 2032 (88 minutes)
- Siemens CardOS (21 minutes)
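The error-message side channel mentioned above, as an added example that is not from the original post or the researchers' paper: a toy RSA unwrap that reports why a block was rejected, next to one that answers every malformed block with a pseudo-random key instead of an error. It assumes PKCS#1 v1.5 padding, which the post does not name; the key, `REJECT_KEY`, the error strings and all function names are constructed for illustration, and timing behavior is not addressed.

```python
import hashlib
import hmac

# Constructed toy key from two Mersenne primes: far too small for real use,
# chosen only so the block runs with the standard library.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8              # modulus length in bytes
REJECT_KEY = b"constructed-device-secret"  # hypothetical per-device secret

def pad(msg: bytes) -> bytes:
    """PKCS#1 v1.5 type-2 block: 00 02 <nonzero filler> 00 <msg>."""
    return b"\x00\x02" + b"\xaa" * (K - 3 - len(msg)) + b"\x00" + msg

def encrypt_block(block: bytes) -> int:
    return pow(int.from_bytes(block, "big"), E, N)

def unwrap_leaky(c: int):
    """Says why unwrapping failed; each distinct error is a side-channel answer."""
    em = pow(c, D, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x02":
        return "ERR_BAD_HEADER"
    sep = em.find(b"\x00", 2)
    if sep == -1:
        return "ERR_NO_SEPARATOR"
    if sep < 10:
        return "ERR_SHORT_PADDING"
    return em[sep + 1:]

def unwrap_implicit(c: int, length: int = 3) -> bytes:
    """Never reports failure: a bad block yields a pseudo-random key instead."""
    out = unwrap_leaky(c)
    if isinstance(out, bytes) and len(out) == length:
        return out
    mac = hmac.new(REJECT_KEY, c.to_bytes(K, "big"), hashlib.sha256)
    return mac.digest()[:length]

def observable_answers(unwrap, ciphertexts) -> set:
    """Outcomes a caller outside the token can tell apart."""
    return {r if isinstance(r, str) else "OK" for r in map(unwrap, ciphertexts)}

# Constructed inputs: one well-formed block and three malformed ones.
SAMPLES = [encrypt_block(b) for b in (
    pad(b"key"),
    b"\x00\x01" + pad(b"key")[2:],                          # wrong block type
    b"\x00\x02" + b"\xaa" * (K - 2),                        # no 00 separator
    b"\x00\x02" + b"\xaa" * 3 + b"\x00" + b"k" * (K - 6),   # filler < 8 bytes
)]
```

`observable_answers(unwrap_leaky, SAMPLES)` contains four distinguishable outcomes, while `observable_answers(unwrap_implicit, SAMPLES)` contains one, because a rejected block only shows up later as a key that fails to decrypt anything.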
CodeMeter, of course, uses a smart card chip as its core. So is there a concern?
The good news is no. No worries. CodeMeter doesn't rely on RSA for encryption, although we make it available optionally for those customers who want to use it. CodeMeter uses AES 256-bit for basic encryption and ECC for encrypting the communication channel between the hardware and the operating system.
By the way, the researchers asked the manufacturers of the cracked tokens for a response. The most common one was along the lines of "Oops."