2002-02-13
PKI provides Web users with a false sense of security that undermines the security of their on-line information.
PKI - Breaking the Yellow Lock
2002-02-14
Sjonnie (1 replies)
This is news... how?
2002-02-15
TheReject (2 replies)

I see a bigger problem with the PKI system. All security risk assessment is based on how long it would take someone to do a raw try every combination brute force attack or some sort of smart factoring attack.
While writing micro-code to do an integer square root, I realized a way to solve irreversible computations. In the case of my integer square root, it solved for a 32 bit square root by trying all 16 bits of the root one at a time. If the resulting root squared was too large, then that bit was left off, going from the most significant bit to the least significant bit.
I see PKI as a similar problem. The initial transaction that occurs in PKI is a way to trade a session key. The message containing this session key is relatively short and as such will likely be padded with additional random bits to create a PKI packet. I fear that the bits for the plaintext version of the packet can be guessed using a similar try a bit at a time approach to my square root solution. I figure the complexity goes from 2^N required brute force attempts down to N^2 or N^3 attempts.
The only potential wrench I can see in implementing such an attack is the modulo arithmetic that is used. In general the modulo arithmetic would likely generate false positives that would throw off the feedback needed to detect the correctness of trying each bit. In addition to the likelihood that the modulus is not a power of two resulting in a messy virtual bit mapping. The ability to determine the correctness of a bit being required or not is key to making this technique work. A simple greater than or less than test will not work. Something along the lines of counting how many cyphertext bits match when trying each bit, taking the one with the best match, before trying for additional bits.
Link to this comment: http://www.securityfocus.com/comments/columns/60/10555#10555
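An added illustration, not part of TheReject's comment or of the original page: the bit-at-a-time integer square root the comment describes, next to the same greedy loop run over a modular-exponentiation map, where the greater-than test the comment says "will not work" gives no usable feedback. The function names and the toy parameters (n = 33, e = 3, 5-bit inputs) are constructed for this example.

```python
# Added illustration; toy values (n = 33, e = 3) are constructed, not from the thread.

def isqrt_bitwise(n, root_bits=16):
    """Integer square root of n, deciding root bits one at a time, MSB first."""
    root = 0
    for bit in reversed(range(root_bits)):
        trial = root | (1 << bit)
        # Squaring is monotonic on non-negative integers, so "too large"
        # is a reliable signal that this bit must be left off.
        if trial * trial <= n:
            root = trial
    return root


def greedy_root_mod(c, e, n, bits):
    """The same loop, with the comparison made on trial**e mod n."""
    guess = 0
    for bit in reversed(range(bits)):
        trial = guess | (1 << bit)
        # After reduction mod n the order of the outputs no longer tracks
        # the order of the inputs, so this comparison is not a valid signal.
        if pow(trial, e, n) <= c:
            guess = trial
    return guess


def count_recovered(e, n, bits):
    """Number of inputs m < 2**bits that the greedy comparison gets right."""
    return sum(
        greedy_root_mod(pow(m, e, n), e, n, bits) == m
        for m in range(1 << bits)
    )


if __name__ == "__main__":
    print("isqrt(10**9) =", isqrt_bitwise(10**9))
    c = pow(9, 3, 33)  # constructed input m = 9
    print("c =", c, "greedy guess =", greedy_root_mod(c, 3, 33, 5))
    print("recovered", count_recovered(3, 33, 5), "of 32 inputs")
```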