Slashdot Mirror

← Back to Stories (view on slashdot.org)

Weak Elliptic Curve Cryptography Brute-Forced

Posted by timothy on from the 100-billion-dollars-for-the-next-contest dept.

thegrommit writes "It seems one implementation of elliptic curve cryptography has been broken. It took four years to break a 109 bit key, but the contest sponsors (who provide encryption products for Cisco, Nortel and Palm among others) believe it's still impossible to break their 163 bit keys. The real question is, for how long?" Update: 11/07 01:59 GMT by T : Dan Kaminsky wrote to point out that the key here was really brute forced, and not broken -- that is, no fundamental flaw was discovered in the algorithm.

4 of 270 comments (clear)

  1. Impossible by Skyshadow · · Score: 5, Insightful

    Impossible seems like a pretty weird word to ever use in this sort of situation. "Very, very difficult" or "requiring technology or techniques in advance of what is presently available" might be more accurate.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  2. Even if it was "broken" ... by binaryDigit · · Score: 5, Insightful

    The time is the most significant factor here. If this was military use, the 500+ days it took to break wouldn't worry anyone since any message more than a few days/hours old is pretty much worthless. If someone where more concerned about long term security, they could setup a system to refresh the keys on any encrypted data, say every year or every quarter.

  3. Re:Brute-Forced != broken by FamousLongAgo · · Score: 5, Insightful

    'Breaking' is a term of art in cryptography. It means finding a solution that requires less time than a brute-force search. Even a 1% improvement qualifies as a 'break', although it might not have any practical value.

    It's a valid distinction to make, since a flawed algorithm may be unsafe at any key length.

    --

    A customer service representative will be with me shortly.
  4. too new... to say impossible. by jukal · · Score: 5, Insightful

    (or unfeasible to be exact) The study of elliptic curves - as a branch of mathematics is not very old one. And as Elliptic Curve Cryptography originates from this theory .... I think this is one of the main reasons why it has not yet been commonly approved for mission critical tasks. Currently, yes, we do know that it is pretty(very) strong against brute-force attacks - but there is still a significant chance that a fundamenta flaws or new discoveries are achieved in ECC theory - leading to easy compromise of previous implementations based on it.