The days of relying on encryption to protect private data are coming to an end after it emerged that the use of distributed computing resources resulted in the cracking of the seemingly impregnable 769-bit RSA encryption standard.
Hot on the heels of news that the GSM A5/1 encryption system has been cracked comes reports that a second crypto system – 768-bit RSA – has now been hung out to dry using a cluster PC brute-force approach.
It emerged over the weekend news that the 768-bit RSA encryption was cracked – generating a huge five-terabyte password file in the process.
“Cracking this crypto system using a 2.2GHz Opteron processor-based PC would reportedly have taken around 1,500 years, but the process has been dramatically speeded up using distributed computer resources and cluster PC approach,” said Andy Cordial, managing director with the storage systems integration specialist Origin Storage.
“Whilst this crypto cracking feat is impressive, it highlights the fact that the days of relying on encryption alone as a means of defending private data are now drawing to a close,” he added.
Protection of sensitive data
According to Cordial, the use of a PIN-based protection – and even biometric authentication – alongside a fully encrypted drive is now the logical choice for companies wanting to protect sensitive data from prying eyes.
Now that a 768-bit RSA crypto decryption table has been produced, Origin’s MD says that organisations can no longer expect their encrypted data to be secure from anyone equipped with a RAID-driven high-powered PC.
And, he explained, it’s even conceivable that a regulator at some stage in the future may take a dim view of, say, a bank claiming that its encryption system is sufficient to protect customer data – especially in a mobile situation – from prying eyes.
We are, said Cordial, rapidly reaching the stage where a single layer of protection for data is starting to become about as effective as a chocolate teapot against high-powered crypto hackers.
“And since biometric-enhanced encryption systems are still relatively expensive, the logical choice is a PIN/password-enhanced external encrypted drive such as our DataLocker range, which uses a hardware based AES/CBC encryption chip, backed up by an onboard PIN/password unit,” he said.
“At the very least, this will allow the CEO or chairman to put his/her hand on heart and say the company’s data is secure whilst in transit from one place to another. That’s a claim you can’t truly make anymore with single factor encryption,” he added.
By John Kennedy