Blog

Archive for February, 2012

Weak Random Numbers Are Achilles Heel for Encryption

Friday, February 17th, 2012

Reports have been circulating that researchers have determined that a very small percentage of public keys used for encryption are inherently weak. Bruce Schneier, a respected cryptologist and Chief Security Technology Officer of BT, says in a blog post that the issue is almost certainly the result of a flawed random number generator.

Schneier explains, “This shouldn’t come as a surprise. One of the hardest parts of cryptography is random number generation. It’s really easy to write a lousy random number generator, and it’s not at all obvious that it is lousy.”

Schneier goes on to address what impact this has in terms of real-world security and the encryption keys being used today:

“What is the security risk? There’s some, but it’s hard to know how much. We can assume that the bad guys can replicate this experiment and find the weak keys. But they’re random, so it’s hard to know how to monetize this attack. Maybe the bad guys will get lucky and one of the weak keys will lead to some obvious way to steal money, or trade secrets, or national intelligence. Maybe.”

The random number generator (RNG) forms the foundation for creating keys, so any RNG that is in any way predictable weakens the security of the whole system.
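The effect described above, as an added example that is not from the original post or from Schneier: a simulated fleet whose keys come from a general-purpose PRNG seeded with a low-entropy value, next to keys drawn from the operating system's CSPRNG, with a duplicate-fingerprint audit run over both. The 10-bit seed, the fleet size, the 128-bit key length and all function names are assumptions chosen for illustration.

```python
import hashlib
import random
import secrets
from collections import Counter

KEY_BYTES = 16  # 128-bit symmetric key, chosen for the illustration


def weak_keygen(boot_seed: int) -> bytes:
    """Constructed flaw: key bytes from a general-purpose PRNG with a guessable seed."""
    rng = random.Random(boot_seed)  # Mersenne Twister, not a CSPRNG
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def strong_keygen() -> bytes:
    """Key bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def simulate_weak_fleet(n_devices: int, seed_bits: int, chooser: random.Random) -> list:
    """Each simulated device boots with one of only 2**seed_bits possible seeds."""
    return [weak_keygen(chooser.randrange(2 ** seed_bits)) for _ in range(n_devices)]


def duplicate_report(keys) -> tuple:
    """Audit: compare SHA-256 fingerprints, return (distinct keys, keys shared by 2+ holders)."""
    counts = Counter(hashlib.sha256(k).hexdigest() for k in keys)
    shared = sum(c for c in counts.values() if c > 1)
    return len(counts), shared


if __name__ == "__main__":
    n = 5000  # constructed fleet size
    weak = simulate_weak_fleet(n, seed_bits=10, chooser=random.Random(2012))
    strong = [strong_keygen() for _ in range(n)]
    print("weak   (distinct, shared):", duplicate_report(weak))
    print("strong (distinct, shared):", duplicate_report(strong))
```

In the weak fleet no more than 1,024 distinct keys can exist no matter how many devices are enrolled, which is why duplicate fingerprints across unrelated key holders are a practical signal of a seeding problem.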

Texas Police Officer Details Exposed

Monday, February 6th, 2012

The hacktivist collective known as Anonymous is taking credit for exposing the names, addresses, and police departments of hundreds of Texas police officers. The group hacked the Texas Police Association website to obtain the data because it feels that the official response to a police officer found to be collecting child pornography is too timid.

While it is understandable to be upset and to sympathize with the cause, the actions of Anonymous can’t be excused. Compromising personal information of law enforcement officers doing their duty to protect their communities, in retaliation for the actions of a sick rogue officer or even the seemingly tepid response to his alleged crimes, crosses the line no matter how you slice it.

That said, this also isn’t the first time the Texas Police Association has been targeted, and there is also no excuse for why sensitive information like the personal addresses of police officers is not better protected. The Texas Police Association needs to take a close look at its network and data security measures. It should have tools in place that encrypt and protect the data stored there even if hackers manage to compromise the server itself.