“The report of my death was an exaggeration.”
- Mark Twain
- Douglas Adams, Hitchhiker’s Guide to the Galaxy
“Information, usually seen as the precondition of debate, is better understood as its by-product.”
- Christopher Lasch
The purpose of expository writing isn’t to be unassailable: you don’t write a paper to show how smart you are and how towering your untouchable intellect is. The purpose of exposition is in fact to invite debate and discussion and criticism. This is healthy; and if this makes sense to you, spark up your computing platform of choice, pull up your chair, roll up your sleeves and join in because blogs and social media should not be about advancing an ego but rather should be about rip-roaring issue examination on all sides!
With that in mind, I’d like to draw attention to something, precisely to increase responsible dialog around what most would treat as a thorny subject to be avoided, but which instead needs to be seen, read and commented on. On Valentine’s Day, a research paper titled “Ron Was Wrong, Whit Was Right” was submitted for publication stating that an alleged flaw had been found in the RSA encryption algorithm.
And here’s the important point: while RSA does dispute what we see as the questionable conclusions made by the researchers, we believe the research itself is a good thing.
Why is it good? Well, for several reasons, but here are the first three that come to mind…
- Research testing security is what makes security stronger
- Publishing it is important to spark discussion and debate
- Even though there isn’t a weakness in the RSA algorithm here, it does point to an important weakness that is lurking in most crypto-systems – good cryptography depends on proper implementation.
It’s this last point that I’d like to dive into. Our analysis of the data does not point to a flaw in the RSA algorithm itself but instead points to an important problem in cryptosystem implementations as a whole. In particular, good cryptography (including RSA’s) depends on proper implementation. Proper implementation is critical, and its importance cannot be overstated. Let me draw a simple analogy here.
Source: http://mexicofoodandmore.com (Mole Poblano ingredients)
Imagine a talented chef who invests in the best kitchen money can buy, buys the best tools imaginable, hires the best staff they can find and sets up an amazing restaurant. And then imagine that chef skimping on ingredients: buying produce that is older, poorer in quality and easier to supply, all to save a small amount on cost or to favor a friend or relative who happens to sell suspicious ingredients, veggies and the like.
If the patrons who ordered dinner there were disappointed, should they blame the tools or kitchen equipment provider? No, they should blame the sourcing of ingredients and most likely the choices of the frugal (but talented) chef. That’s because for a truly great restaurant to succeed, it is only as good as the weakest link in delivering quality plates to customers. The system as a whole has to be measured and managed, and care has to be paid to the critical path providing a finished product to a consumer.
The analogy is no doubt obvious to programmers and security experts: the research paper in this case found a problem with security, but frankly the problem isn’t with the RSA tools here, it’s with the “ingredients” further upstream. The devil in this system is in the random number generation. The ingredients here that lead to suspicious cryptographic end-products were flawed well before the computation that produced a key pair.
Good cryptography, including RSA’s, without exception depends on proper implementation. True random number generation underpins nearly all cryptographic algorithms and protocols because we are striving for computational complexity to make ciphers hard to break. That demands entropy, and poor entropy is a killer.
True random number generation must be performed with care to protect against weakening of well-designed cryptographic tools. A good chef wouldn’t allow the use of tainted ingredients, and a good architect won’t allow the use of poor random number generation to go into their cryptosystem.
I won’t belabor the point beyond this because others have done a much better analysis along the way. Dan Kaminsky, for instance, has done a great job analyzing the report in detail in “Survey is good. Thesis is strange.”
And David Wachtfogel addresses the topic with astute analysis and welcome humor in his “Good Enough Security Blog.”
Don’t take our word for it: Go check ‘em out.
In my opinion, it is crucial to get this right, especially given the exploding number of embedded components that are connected to the Internet today. That’s really why I welcome this form of research: keep testing the pillars of security like the RSA algorithm, because the irony is that this is what makes those pillars stronger. In this particular case, it also highlights the systems point, and that’s a very good thing right now.
So let’s all take a close look at this and take a lesson to heart: go and look at the systems you’ve built and test the quality of the whole. Make sure that the cryptographic primitives in use are solid and that something as fundamental as random number generation is done right.
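One check of this kind, as an added example that is not part of the original post: when entropy at key-generation time is poor, two devices can draw the same prime, and a GCD over their public moduli exposes that without touching any private key. The toy key generator, the seeds and the device names are constructed for illustration.

```python
import math
import random
from itertools import combinations

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; this base set is deterministic for n < 2**64."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def prime_from(rng, bits=48):
    """First prime at or above an odd `bits`-bit value drawn from rng."""
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    while not is_prime(n):
        n += 2
    return n

def toy_modulus(boot_seed, late_seed):
    """Constructed model: p is drawn from a starved boot-time pool, q later."""
    return prime_from(random.Random(boot_seed)) * prime_from(random.Random(late_seed))

def audit_moduli(keys):
    """Return pairs of key names whose public moduli share a factor."""
    pairs = combinations(sorted(keys.items()), 2)
    return [(a, b) for (a, n1), (b, n2) in pairs if math.gcd(n1, n2) > 1]

# Constructed fleet: device-a and device-b booted into the same pool state.
FLEET = {
    "device-a": toy_modulus(boot_seed=1, late_seed=1001),
    "device-b": toy_modulus(boot_seed=1, late_seed=1002),
    "device-c": toy_modulus(boot_seed=2, late_seed=1003),
}
```

`audit_moduli(FLEET)` flags the device-a/device-b pair; every key in a flagged pair should be regenerated once the entropy source is fixed. The pairwise loop is quadratic, so it suits small inventories only.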
The RSA algorithm is solid because it has withstood such scrutiny for decades from multiple sources, and it must continue to withstand such examination. The irony is that it must be questioned and tested to make it better, just as we must put ideas out there not just to be seen to be intelligent or to inflate our egos: we must do it to create a debate and a forum for pushing the frontiers of security forward.