Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices that corporations and government organizations use to access networks, encrypt hard drives, and digitally sign e-mails.
Two researchers in the Netherlands helmed the construction of a LEGO Turing machine, a quirky manifestation of the classic computer science concept first devised by Alan Turing in 1936.
The device, built by Jereon van den Bos and Davy Landman using a single LEGO Mindstorms NXT set, is one of the most impressive — and simple — attempts we’ve seen at building a physical Turing machine.
The MD5 collision attack used by the creators of the Flame malware was significantly more difficult to pull off than an earlier attack that resulted in the creation of a rogue CA certificate, says security researcher Alexander Sotirov.
In December 2008, at the Chaos Communication Congress (CCC) in Berlin, an international team of security researchers that included Sotirov presented a practical MD5 collision attack that allowed them to obtain a rogue CA certificate signed by VeriSign-owned RapidSSL.
The Enigma cypher machine used by the German military in World War II is still a tough nut to crack today. The total number of ways it can be configured for every letter is around 150 million million million. That's enough to keep it beyond the reach of all but the most determined of brute force attacks.
So how were the late Alan Turing (whose 100th birthday is being celebrated in academic circles this June) and his fellow Bletchley Park code-breakers able to crack the Enigma and provide the Allies with such priceless intelligence?
When SandForce announced the SF-2000 SSD controller family, it touted the controller's ability to encrypt data with a 256-bit AES algorithm. The previous generation of SandForce controllers did 128-bit AES encryption, but the new chip added a second hardware engine with AES-256 support. Trouble is, the SF-2000 controller's 256-bit encryption doesn't work properly. Although the latest SandForce controllers encrypt data using AES, they do so using only 128 bits.