Encryption circles are buzzing this week with news that mathematical functions embedded in common security applications might have previously unknown weaknesses.
The excitement began last Thursday with an announcement that French computer scientist Antoine Joux had uncovered a flaw in a popular algorithm called MD5, often used with digital signatures. Then four Chinese researchers released a paper that reported a way to circumvent a second algorithm, SHA-0.
The trick of public key encryption -- the best known approach is called RSA for the initials of its inventors -- is that one key can be used to scramble the data while a different, mathematically related, key is used to unscramble it. When you download a digitally signed program, the first thing your computer does is check the Web site's digital certificate. It then queries the certificate authority (CA) that issued the certificate to make sure it's still valid and to obtain the public key.
This lengthy and highly technical primer provides a gentle yet thorough introduction to elliptic curve cryptography (ECC), said to be ideal for resource-constrained systems because it provides more "security per bit" than other types of asymmetric cryptography. The paper is from Certicom, which markets Security Builder toolkits targeting various popular desktop, server, and embedded operating systems. Asymmetric cryptography is a marvellous technology. Its uses are many and varied.
Recent reports that the United States had broken codes used by the Iranian intelligence service have intrigued experts on cryptology because a modern cipher should be unbreakable. Four leading British experts told BBC News Online that the story, if true, points to an operating failure by the Iranians or a backdoor way in by the National Security Agency (NSA) - the American electronic intelligence organisation.
The first computer network in which communication is secured with quantum cryptography is up and running in Cambridge, Massachusetts.
Chip Elliott, leader of the quantum engineering team at BBN Technologies in Cambridge, sent the first packets of data across the Quantum Net (Qnet) on Thursday. The project is funded by the Pentagon's Defense Advanced Research Projects Agency.