RSA brushes off crypto research findings that RSA algorithm is flawed

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/news/2012/021612-rsa-crypto-256267.html

By Ellen Messmer
Network World
February 16, 2012

After having its flagship RSA crypto system called flawed this week by 
prominent researchers in a paper they made available online, EMC's RSA 
security division struck back by saying the paper's results don't 
indicate a fundamental flaw in the RSA algorithm but more likely a 
problem with implementing it.

"On Feb. 14th, a research paper was submitted for publication stating 
that an alleged flaw has been found in the RSA encryption algorithm," 
RSA said Thursday in a statement. "Our analysis confirms to us that the 
data does not point to a flaw in the algorithm, but instead points to 
the importance of proper implementation, especially regarding the 
exploding number of embedded devices that are connected to the Internet 
today."

Ari Juels, chief scientist for RSA, told Network World that "the study 
is useful" as it pertains to the "failures of crypto protocols during 
random-number generation." But he faults its core idea that the RSA 
algorithm is somehow fundamentally flawed.

"I'd say all cryptography relies on good true random-number generation. 
And when that goes wrong, the protocol breaks," Juels says. He faults 
the conclusions of the paper that there was something intrinsically 
wrong with the RSA algorithm. The paper might have found that the RSA 
algorithm "might be a little less robust than another one," but "it's 
obviously not a problem with the RSA algorithm, it's the way the keys 
were generated."

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly.  Best program, best price.
www.ExpandingSecurity.com/PainPill