Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

RSA Tokens – Can They Really Be Cracked in 13 Minutes?

June 28, 2012

Well, that's what one group of computer scientists claim with respect to the RSA SecurID 800.

For many years, businesses and the government have given employees a card or token that produces a constantly changing set of numbers. Those devices have long been the preferred method of securing electronic data because you couldn't get access to the data without a secret key generated by the devices.

The New York Times reported on the story and the scientists who made the claim, who call themselves Team Prosecco (perhaps I should try deriving inspiration from Prosecco?). The scientists not only say they can pry open the RSA SecurID 800, but similar tools made by other manufacturers. They published their findings in a paper which will be presented at a cryptography conference in August.

RSA says it is looking into the matter. I'll bet it is. This is not the first challenge to RSA. In March of 2011, RSA announced that hackers had breached its data protection and Lockheed Martin announced some months later that its computer network had been penetrated by hackers exploiting the RSA vulnerability.

Cryptographers have long warned that the standards used by these encryption tools were antiquated and susceptible to attack. Companies have tended to think that it would take a long time to crack their keys and that hackers would therefore find it impractical to do so.

The new paper challenges that assumption. The RSA token took the shortest time to open: 13 minutes. A device made by Siemens took slightly longer: 22 minutes. A third device, made by Gemalto, based in the Netherlands, took 92 minutes.

I love that security researcher Dan Kaminsky refers to cryptography as the "molasses of computer science." He says that it advances so slowly because scientists are busy fixing technologies that are "on fire" and less likely to address those that seem merely theoretically problematic.

But if the paper is accurate, we have a fire of enormous proportions about to rage across the electronic world.