Implementation is Everything

Last week gave way to a flurry of activity around RSA and an alleged cryptographic flaw in the algorithm, based on this report by Arjen K. Lenstra, James P. Hughes, Maxime Augier, Joppe W. Bos, Thorsten Kleinjung, and Christophe Wachter. RSA’s Sam Curry writes a post here, as well as posts by Dan Kaminsky, Nadia [...]

Payment Security Predictions for 2012 – Part One

Our team thought it would be interesting to make a few predictions for the upcoming year related to payment security. Some (unfortunately) don’t require a crystal ball, but for many others, the decrypted answer from our secure Magic 8 Ball is probably “outlook not so clear”. I’ll offer five we feel pretty confident about this week, and another five in our next post.

Collaboration and Trust: A Cryptographic Example

The importance of visibility and collaboration in cryptography was confirmed recently by academic work exposing a flaw in AES. In August, researchers from the University of Leuven, in association with Microsoft, announced the discovery of the first flaw in the AES algorithm. This flaw enables the decryption of AES-encrypted data if the key length is 128 bits. Any discovery of a flaw is significant, particularly in an algorithm as widely used as AES. But the flaw does not represent a significant liability for data encrypted with AES, because exploiting this vulnerability requires a very specific set of circumstances. So the more significant risks for data encrypted with AES continue to be key management issues, related both to the strength and entropy of the key and to the protection of the key.

The Problems With Petrol

If you think about it, it should come as no surprise that an average gas station/convenience store conducts more credit card transactions per day than practically any other type of merchant, usually on the order of two or three times as many. And with that many transactions, petrol merchants are prime targets for credit card theft.

I’ll have the steak, please

Auditors prefer encryption over tokenization for protecting internal data at rest. To me, those findings are completely unsurprising, for the exact same reasons that I choose the same menu items over and over: we prefer the things with which we are most familiar.

What a year it has been

Five years from now, I think we will look back at 2010 as the beginning of a revolution in the way merchants interact with credit card data.