RSA crypto researcher defends report

February 21, 2012
Cyber Security, FedCyber Wire, Solution Providers
No Comment

Cryptography researcher Arjen Lenstra has this week responded to criticism of a paper he co-authored that claimed to uncover weaknesses within the implementation of the RSA encryption system. RSA, a division of IT giant EMC, says that there’s nothing wrong with the RSA algorithm, it’s an implementation issue mainly with random number key generation.

“If properly implemented, RSA is fine,” said Lenstra, the well-known crypto researcher who worked with James Hughes, Maxime Augier, Joppe Bos, Thorsten Kleinjung and Christophe Wachter on the remarkable project that included examining millions of X.509 public key certificates that are publicly available on the web.

That study (explained in the “Ron is wrong, Whit is right” paper) had the researchers examining 6.4 million distinct X.509 certificates and PGP keys containing RSA moduli, and “we stumbled upon 12,720 different 1024-bit RSA moduli that offer no security”.

via Tech-World, continued here.