Internet Encryption Algorithms are flawed - too little too late!

Some news from a paper I am reading - not surprised that RSA has a problem.

http://eprint.iacr.org/2012/064.pdf

Abstract. We performed a sanity check of public keys collected on the web. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security.

 

Our conclusion is that the validity of the assumption is questionable and that generating keys in the real world for “multiple-secrets” cryptosystems such as RSA is significantly riskier than for “single-secret” ones such as ElGamal or (EC)DSA which are based on Diffie-Hellman.

Keywords: Sanity check, RSA, 99.8% security, ElGamal, DSA, ECDSA, (batch) factoring, discrete logarithm, Euclidean algorithm, seeding random number generators, K9.

and

 

99.8% Security. More seriously, we stumbled upon 12720 different 1024-bit RSA moduli that offer no security. Their secret keys are accessible to anyone who takes the trouble to redo our work. Assuming access to the public key collection, this is straightforward compared to more traditional ways to retrieve RSA secret keys (cf. [5,15]). Information on the affected X.509 certificates and PGP keys is given in the full version of this paper, cf. below. Overall, over the data we collected 1024-bit RSA provides 99.8% security at best (but see Appendix A).
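
The sanity check the paper describes can be run defensively against your own key inventory. The following is an added example, not code from the paper or from this post: it flags RSA moduli that share a factor with another modulus, using the batch-GCD product and remainder trees. The function names and the toy moduli are assumptions constructed for illustration.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of pairwise products; the top level holds the product of all values."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree

def moduli_sharing_a_factor(moduli):
    """Return sorted indices of moduli that share a factor with any other one.

    Batch GCD: with P the product of all moduli, n_i is flagged when
    gcd(n_i, P / n_i) > 1. The remainder tree yields P mod n_i**2 for every
    leaf, and (P mod n_i**2) // n_i is congruent to P / n_i modulo n_i.
    Exact duplicates are flagged too (the gcd is then n_i itself).
    """
    tree = product_tree(moduli)
    remainders = tree.pop()                      # [P]
    while tree:                                  # walk down towards the leaves
        level = tree.pop()
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    return [i for i, (n, r) in enumerate(zip(moduli, remainders))
            if gcd(n, r // n) > 1]

# Constructed toy inventory (real moduli are 1024 bits or more).
# Entries 0 and 2 were "generated" with the same first prime, 1009.
SAMPLE_MODULI = [1009 * 1013, 1019 * 1021, 1009 * 1031, 1033 * 1039]

if __name__ == "__main__":
    for i in moduli_sharing_a_factor(SAMPLE_MODULI):
        print(f"key #{i}: modulus shares a factor with another key, replace it")
```

Any key flagged by this audit should be regenerated on a host with a properly seeded random number generator, since a shared factor points at the seeding failure named in the paper's keywords.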

 

However, no algorithm is perfect, and even elliptic-curve cryptography (see http://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Fast_reduction_.28NIST_curves.29 ) has a weakness: Shor's algorithm ( http://en.wikipedia.org/wiki/Shor%27s_algorithm ).

Funny thing is, ECC is now used for OpenDNS


http://dnscurve.org/crypto.html

The DNSCurve project adds link-level public-key protection to DNS packets. This page discusses the cryptographic tools used in DNSCurve.

ELLIPTIC-CURVE CRYPTOGRAPHY

DNSCurve uses elliptic-curve cryptography, not RSA.

RSA is somewhat older than elliptic-curve cryptography: RSA was introduced in 1977, while elliptic-curve cryptography was introduced in 1985. However, RSA has shown many more weaknesses than elliptic-curve cryptography. RSA’s effective security level was dramatically reduced by the linear sieve in the late 1970s, by the quadratic sieve and ECM in the 1980s, and by the number-field sieve in the 1990s. For comparison, a few attacks have been developed against some rare elliptic curves having special algebraic structures, and the amount of computer power available to attackers has predictably increased, but typical elliptic curves require just as much computer power to break today as they required twenty years ago.

IEEE P1363 standardized elliptic-curve cryptography in the late 1990s, including a stringent list of security criteria for elliptic curves. NIST used the IEEE P1363 criteria to select fifteen specific elliptic curves at five different security levels. In 2005, NSA issued a new “Suite B” standard, recommending the NIST elliptic curves (at two specific security levels) for all public-key cryptography and withdrawing previous recommendations of RSA.

Some specific types of elliptic-curve cryptography are patented, but DNSCurve does not use any of those types of elliptic-curve cryptography.

No wonder college kids are hacking defense databases easily nowadays!!

Indian Business Schools Alumni try to grow more equal

A message from one of the IIM (Indian Institute of Management) alumni networks, just an example of how any global organization should make extra efforts to make things more equal (and thus position its brand for a differentiated place for attracting talent)

http://en.wikipedia.org/wiki/Indian_Institutes_of_Management

The Indian Institutes of Management (IIMs), are graduate business schools in India that also conduct research and provide consultancy services in the field of management to various sectors of the Indian economy. They were created by the Indian Government[1] with the aim of identifying the brightest intellectual talent[1] available in the student community of India and training it in the best management techniques available in the world, to ultimately create a pool of elite managers to manage and lead the various sections of the Indian economy.

The IIMs are considered the top business schools in India.[3] All the IIMs are completely autonomous institutes owned and financed by the Central Government of India. In order of establishment, the IIMs are located at Calcutta (Kolkata), Ahmedabad, Bangalore, Lucknow, Kozhikode (Calicut), Indore, Shillong, Ranchi, Rohtak, Raipur, Trichy, Kashipur and Udaipur. (My alma mater is Lucknow)

 

IIMs being role models have shared knowledge and skills with other institutions to improve their quality and standards in management education


————————————————————————————————————–
IIM A Alumni Association has been reaching out to the alumni associations of other IIMs to broad base the brotherhood (no offense to the fairer sex. Couldn’t think of a replacement word).

IIM Calcutta Alumni Association has been conducting a lecture series and has invited us for the next edition. The topic is “The Unlimited Person”

India’s ambitions today – particularly reflected in the Corporate Sector – are Unlimited. What mind-set does it take to realise these ambitions? Minds that live in the past or in the future – as too many Indian minds do – limit themselves, their companies and their country.

This presentation gives several examples of our current average mind-set and talks about ways in which an unlimited mind-set can emerge, creating “The Unlimited Person”

The speaker will be IIM Calcutta alumnus Shashi Maudgal, Chief Marketing Officer of Hindalco Industries of the Aditya Birla Group. The date is Friday June 24th at Gulmohar at the India Habitat Centre . Time 7 pm.

We hope you will come for this lecture and benefit from Shashi’s experience and insights.

Jayaraman -PGP ’70 / Sunil Kala PGP ’73 / Salil Agrawal PGP ’83

T. Venkateswaran PGP ’85 / Rahul Aggarwal PGP ’94

Modified Ohri Framework

 

Some time back, I had created a framework for data mining through on demand cloud computing. This is the next version - it is free to use for all, with only authorship credit back to me.
 
It tries to do away with fixed server and desktop costs AND fixed software costs for software that is used for data mining, stats and analytics and carries huge per-CPU-count annual license fees.

 

The modified Ohri Framework tries to mash the following

 

0) HTTPS rather than HTTP

1) Encryption and Compression Software for data transfer (like PGP)

2) Open source stats package like R on a cloud computer (like Amazon EC2 or Rightscale with Hadoop)

3) GUI to make it easy to use (like Rattle GUI and PMML Package)

4) A Data Mining Open Source Package (like Rapid Miner or Splunk)

5) RIA Graphics (like Silverlight )

6) Secure Output to cloud computing devices (like Google Docs)

7) Billing or pricing at simple cost plus X % (where simple cost can be like 0.85 cent per instance hour or more depending on usage, and X should not be more than 15 %)

8) Open source sharing of all code to ensure community sandboxing

 

The intention is to reduce the fixed computing costs of servers and desktops to those of normal PCs (Ubuntu Linux) with browser (Firefox or Internet Explorer) access to secure data mining on demand.

On-tap, on-demand mining for anyone in the world, without going for the big license purchases/renewals (software expenses) or big hardware purchases (which become obsolete in 2-3 years).

 

 
