Is RSA 512/640 still secure ?
Many crypt systems in the DVB TV systems are protected using RSA keys, usually between the 512 and 768 bits like Nagravision 2 and some others.
A few days ago (November 8, 2005) a team of German Federal Agency for Information Technology Security (BSI) announced the factorization of a 193 digits number (RSA 640), which in other words means that they get the both factors to produce RSA protected data without knowing the private key. Of course this do not means that they can break any RSA 640 protected data, they broken that key and only that key.
This fact is not very important for much people, as they are using PGP or big keys with 1024, 2048 or even 4096 bit of "security", but some jobs could be very jeopardized like some TV security systems, in example Nagravision 2.
Why can Nagravision 2 be in troubles ? Current cards are RSA protected (and some other tricks, but the main protection is based in RSA), the public key is known (extracted from the dumps widely available in internet). This dumps are taken from ROM 101 and ROM 102, but ROM 110, 120 and 130 are still secure, the hackers seens to be unable to gain control over the card using the previous techniques, but if they can produce custom instructions they will gain almost full control over the card. The problem is how to produce a custom instruction ? They need the so called "P & Q" (the RSA factors of the public key known, as the same key should be present in other ROMs of the same provider in order to process the same instructions), and that's exactly the challenge that the BSI team were able to do.
It looks easy, why nobody do it already ? The efforce to obtain "P & Q" is big, the BSI team expend around 4.5 months doing it (1.5 months calculating the matrix for the sieving and 3 months for the sieving itself) using 80 AMD Opteron running at 2.2 Ghz and connected using one Gigabit LAN.
So in theory (based in information gathered here and there) the security of this cards is a matter of time and money, as usual, but the time and money at the present moment is much less than one year ago and RSA 512/640 seens to be a non secure system right now.
More mathematical details about it at RSA 640 broken and Mathworld
A few days ago (November 8, 2005) a team of German Federal Agency for Information Technology Security (BSI) announced the factorization of a 193 digits number (RSA 640), which in other words means that they get the both factors to produce RSA protected data without knowing the private key. Of course this do not means that they can break any RSA 640 protected data, they broken that key and only that key.
This fact is not very important for much people, as they are using PGP or big keys with 1024, 2048 or even 4096 bit of "security", but some jobs could be very jeopardized like some TV security systems, in example Nagravision 2.
Why can Nagravision 2 be in troubles ? Current cards are RSA protected (and some other tricks, but the main protection is based in RSA), the public key is known (extracted from the dumps widely available in internet). This dumps are taken from ROM 101 and ROM 102, but ROM 110, 120 and 130 are still secure, the hackers seens to be unable to gain control over the card using the previous techniques, but if they can produce custom instructions they will gain almost full control over the card. The problem is how to produce a custom instruction ? They need the so called "P & Q" (the RSA factors of the public key known, as the same key should be present in other ROMs of the same provider in order to process the same instructions), and that's exactly the challenge that the BSI team were able to do.
It looks easy, why nobody do it already ? The efforce to obtain "P & Q" is big, the BSI team expend around 4.5 months doing it (1.5 months calculating the matrix for the sieving and 3 months for the sieving itself) using 80 AMD Opteron running at 2.2 Ghz and connected using one Gigabit LAN.
So in theory (based in information gathered here and there) the security of this cards is a matter of time and money, as usual, but the time and money at the present moment is much less than one year ago and RSA 512/640 seens to be a non secure system right now.
More mathematical details about it at RSA 640 broken and Mathworld
posted by JoshyFun | 11:59 PM
|
1 comments (Post your own)
