Another reason to go to smart cards:
"New Viruses Search For Strong Encryption Keys
Filed at 6:22 a.m. EST
"By Andrew Dornan for Data Communications, CMPnet
"In a paper published this week, two cryptographers contend that the long keys used by “strong” encryption programs are easier for intruders to find, and that a new generation of computer virus is tailored to locate them on hard drives.
"Adi Shamir of the Weizmann Science Institute Rehovot, Israel) and Nicko van Someron of NCipher Corp. (Cambridge, U.K.) say it's all too easy for viruses to take advantage of a key's randomness, the very feature that is supposed to make it hard to crack.
"Encryption keys consist of 40 to 2,048 bits of random data. These have to be stored on a computer's hard drive, where everything else is filed in a very logical, ordered way. Theresult is that chunks of randomness stand out, making them easy for a malicious program to track down. Even keys that have been erased can often be found, since only deleted files are removed from a PC's filing system, leaving the actual data stored on the disk until it's overwritten.
"Loading a key into memory also can leave a permanent imprint. The authors recommend that net managers store keys only on smart cards and securely delete them every time they are used. For further security, encryption programs can spread a key among different memory locations, or all data can be encrypted so that the entire hard drive appears to be random."
_________
The security breach here is in the public key/private key system that protects messages 'in flight' and allows only the recipient to decode them. If you can access a key, you can read the mail. To further explain, this is the area in which the computer industry and the FBI are fighting -- the FBI, CIA, NSA, etc., wants the right to hold security keys to fight crime, terrorism, and other military threats. They aren't getting anywhere with their arguments. |
