Slashdot Mirror


RSA's Servers Hacked

Khopesh writes "EMC subsidiary RSA was the victim of 'an extremely sophisticated cyber attack' which resulted in the possible theft of the two-factor code used by their SecurID products." The Boston Herald has a short article on the intrusion. Update: 03/17 23:54 GMT by T: Reader rmogull adds "With all the hype that's sure to explode over this one, we decided to do a quick write-up to separate fact from speculation."

2 of 172 comments

  1. Re:Crap, crap, crap by Anonymous Coward · Score: 5, Informative

    Are you talking about SecurID smartcards? If so then the hackers wouldn't have any advantage against those. Those use standard PKI and the private key is protected in hardware on each person's specific card.

    What got stolen was the code used in those SecurID tokens. You know those key-fob things that stay in sync based on time and generate a new token every x number of seconds. However, even if the hackers got the algorithms for how that works it still wouldn't help them because the algorithm again uses a set of private data (keys) for each installation. The hackers would have to get that data along with the algorithm they presumably have now.

    In short, this probably means that security will be unaffected. The only difference is now some people know exactly how the time-based key fobs work. Which you could figure out anyway if you disassembled the RSA server software. Pretty much what RSA said.

  2. Re:Can someone please... by iris-n · Score: 5, Informative

    Oh come on!

    This is so wrong that I can't believe you're not malicious.

    As your own article admits, there's nothing that stops a quantum algorithm that breaks McEliece being invented tomorrow. There's not even evidence that such an algorithm is unlikely to exist. That's why McEliece is worthless and nobody pays attention to it.

    When you say QC has been broken, you're probably referring to the implementation of BB84 by ID Quantique that was broken by the Norwegian quantum hackers. They themselves say that QC is not broken: http://www.iet.ntnu.no/groups/optics/qcr/

    It was only a particular implementation that was broken, not even a particular protocol. That's because it can't be broken. Of course there is no such thing as perfect security, but BB84 (and other protocols) is based on sound principles, and we have numerous proofs (yes, mathematical proofs) of security for various scenarios.

    --
    entropy happens