Here's how SSL works (simplified):
- persons 1 & 2 agree on a base number (x)
- person 1 raises x to the power of a large secret key (y1) = z1
- person 2 raises x to the power of a large secret key (y2) = z2
- persons 1 & 2 exchange values z1 & z2
- person 1 raises z2 to the power of y1 = k
- person 2 raises z1 to the power of y2 = k
The security of the process hinges on the fact that an eaves dropper wouldn't be able to take x and z1 (which are both passed openly) and quickly figure out y1 (the secret key) -- or do the same for y2. If that were possible, they would be able to listen in on SSL transactions. And that's pretty much what these researchers are now able to do.
The article suggests that "For the moment, enterprise computers seem pretty secure, since you'd have to be a quantum physicist to crack today's codes." But, one might speculate that if a secret is worth enough to a would-be attacker, quantum physicists or their tools may become purchase-able. It's probably not a big deal for joe consumer, but for governments, large defense contractors and the like, it's probably time to take a look at their use of certain algorithms in asymmetric encryption. That analysis of course should be and probably is a continuous, on-going process. Interesting stuff.
No comments:
Post a Comment