Cybersecurity

Attack renders popular encryption hardware vulnerable

Popular chips used to encrypt smart cards and other hardware have security flaws rendering the encryption easy to crack.

The software library for the latest-generation Infineon brand chips has a problem in its implementation of the RSA encryption standard, first discovered by researchers at the Centre for Research on Cryptography and Security.

Companies including Google, Microsoft, Fujitsu, HP and Lenovo use the chips.

{mosads}RSA encryption is based on generating extremely hard to solve math problems — figure out a solution to the math problem and it is possible to crack encrypted messages. Essentially, the Infineon library was not generating hard enough problems. 

The researchers noticed that an old shortcut, known as the Coppersmith’s method, could solve some of the encryption keys that were being generated by the library. They have nicknamed the flaw in the library ROCA — return of the Coppersmith’s method.

Shortcut is a relative term. The longer the key, the longer it takes to solve the math problems. For each vulnerable 1024 bit key, it could take a single-core CPU three months to crack the encryption. For a 2048 bit key, it would take 100 years. The cost of electricity alone to crack 2048 bit keys could equal $40,000.

Each added bit makes cracking the encryption exponentially more difficult. The researchers note that larger keys might still be impractical to break using ROCA.