Passwords, passwords everywhere, but they don't really do any good.
For all the ingenious suggestions we've seen of how to construct passwords that are both hard to break and easy to remember, the truth is that the overwhelming majority of passwords are susceptible to brute-force attacks, if they aren't just easy to guess in the first place. The entropy required to resist brute-force decryption long ago outstripped anything people are willing or able to remember. What's more, the number of people willing and savvy enough to develop their own individual algorithms is vanishingly small.
Some place their faith in dual-factor authentication, combining a password with a physical object such as an access token, which generates cryptographic keys. For more than 10 years, the market for access tokens has been dominated by RSA's SecurID, which generates keys at brief intervals based on a random seed key.
RSA's dual-authentication approach seemed the gold standard -- at least until RSA's own network was breached last year. Now there's a new threat to security tokens: the possibility that they too can be cracked by an automated attack.
A group of researchers has demonstrated a method to compromise SecurID, and several other tokens, in as little as 13 minutes. The scientists, calling themselves "Project Team Prosecco," and hailing from several European countries, plan to present their method... at the Crypto 2012 conference in August. Anyone keen to see the details can take a look at their reports.
Physical access to the keys is required, as well as the user's PIN. It's then possible, using this method, to intercept encryption data sent to the token, and by introducing and testing errors to recover the underlying "plaintext."
RSA was quick to respond, denying that the report covers any "new ground" and arguing that only encryption data sent to the card can be compromised by this method, not private keys (like the "One-Time Password" functionality) held on the card itself. RSA also argues that once a hacker has possession of the token and the user's PIN, cracking the token is unnecessary. The problem with that claim, of course, is that a PIN is a weak final line of defense.
Some analysts, however -- such as Matthew Green, professor at the Johns Hopkins Information Security Institute -- find merit in the researchers' work. Describing the results as "nifty," Green explains how the Prosecco team took a previously demonstrated method of cracking access tokens, the "Bleichenbacher attack," optimized it, and made it more efficient. The Bleichenbacher approach had no practical utility with tokens since it required millions of decryption attempts, and the tokens take several seconds to compute each attempt.
The new technique requires only a few thousand attempts: hence the new record set for cracking SecurID.
While it's clearly not the case that this report renders access tokens useless -- indeed, it affords manufacturers an opportunity for correction and improvement -- it does reveal vulnerability. Green quotes Bruce Schneier -- "attacks only get better, they never get worse" -- and makes the telling point that manufacturers should not settle for broken systems just because foreseeable attacks seem impractical.
In other words, now that hackers -- white-hat hackers in this case, fortunately -- have their collective toes in the door, we can expect the door to be forced relentlessly open.
— Kim Davis , Community Editor, Internet Evolution