
Are We There Yet? French Team Cracks the Longest Encryption Algo To Date [Encryption Digest 22]

December 12, 2019 | Katrina Dobieski


What do you do in your spare time? It recently took a team from France only 35 million computational hours to crack RSA-240–and do it with record-breaking speed. What bearing does this have on the industry? That answer might be as interesting as the fact that the International Criminal Police Organization faced backdoor backlash at their own conference. How some governments are getting around encrypted apps like Telegram and TikTok, and how the US is drawing a hard line to stop it. Why some US-based tech companies might face difficult terrain as a proposed bill seeks to keep homegrown consumer data in the US, and how encryption protocol, messaging apps and user privacy are being weaponized in the fight for today’s most lucrative asset–data.
 

 

 

 

How Big of a Deal Is This? China [Could] Steal Our Data


Chinese-based TikTok has been collecting information from US users for some time now, although it keeps that data physically stored in the US. Even so, US government officials fear that, if asked, the company would turn the data over to the Chinese government.
 

“When aggregated, the data could be useful in improving Chinese machine learning tools to help China better understand, predict and manipulate the behavior of Americans,” says Jim Baker, former FBI general counsel.
 

Senator Josh Hawley has proposed a bill limiting the flow of information to foreign data companies, specifically including no transfer of American data, no sharing of encryption keys to access that data, and no storing of American data offshore.
 

After all, TikTok holds no state secrets. What’s the worst that could happen with unencrypted user data being readily available?
 

Well, for that lesson, we don’t have to squint too far into the past. With the US still embroiled in the 2016 election debacle, it is likely that some foreign power manipulated US consumer data for the purpose of controlling political outcomes. And then there’s the not-too-distant Cambridge Analytica scandal, which has continued to unravel. Unearthed findings chronicle how social media data and unencrypted information were used to sway political elections in the Caribbean, to unfortunate landslide success.
 

So, are the US actions of an immediate consumer data freeze excessive? It remains tricky to predict, as economic implications might be felt immediately, and political safety is a little harder to measure. Either way, with the value of data now surpassing that of oil, every entity is scrambling to protect and encrypt its own and is willing to pay for it. Are we?
 




Interpol Says – We Won't Say Anything More on Backdoors [for Now]


The International Criminal Police Organisation met in Lyon several weeks ago for their group conference, and the rest is pretty confusing. Apparently, the group had planned to release a statement mirroring the Five Eyes’ previous call to tech companies to essentially create encryption backdoors.
 

Opposition to the announced statement was reported to have been so staunch that the organization decided to wait on its release until they had “reconsidered.”


Later, the press team for Interpol said there were no such plans to release any such statement.
 

Whatever the particulars weren’t, the general message comes across—international policing forces, government agencies and several western nations are continuing to throw their support behind the installation of encryption backdoors, to the general pushback of the tech community, and perhaps now others. At the Interpol conference, no less.
 

This is mainly nothing new.
 

What is interesting, though, is that while some organizations are waiting for legislation, permission and an invitation (thank you, we might say), others are getting in any way they can—or shutting down anything they can’t get into.
 

Russia, which is set to get its own internet soon, recently shut down use of the encrypted Telegram app after the company refused to grant it access to its users’ encrypted messages. Somehow, most Russians are still able to gain access.
 

Iran is also providing some opposition, mandating that Telegram servers be moved outside the country and all in-bound Telegram traffic be routed through the state-controlled internet gateways.
 

While this and other apps continue to function in the United States, sensitive information published by Wikileaks also raises the probability that US government agencies like the CIA may already be able to crack encryption on WhatsApp, Signal and Telegram.
 

As has surfaced before, the rising questions in this debate might still be—who wants it more, and why?
 




Are We There Yet? French Team Cracks Longest Encryption Algo to Date


Don’t try this at home. Unless you have 35 million computing hours on your hands.
 

French researchers did, and triumphantly solved the math for RSA-240, a 795-bit integer, in less time than the previous 768-bit record holders. What exactly did they do?
 

Emmanuel Thomé at the National Institute for Research in Computer Science and Automation in France, and his team, had to break down the massive semiprime number into its two prime factors. RSA encryption, as a refresher, is built on the mathematical security of a semiprime integer—795 digits long in this case. The key is to quite literally find the two factors that multiply to equal that number.
 

To deduce the two numbers that go into a semiprime (think a number only divisible by its two primes, one and itself), there is no formulaic method. Computers working millions of hours had to brute force numeric guesses, finally arriving at the solve that testified to the advancements of computing technology and gave a nod to Moore’s law—which states the number of transistors in an integrated circuit doubles every two years, and implicitly, computing power along with it.
 

It’s always good to do a temperature check on where our computational abilities stand against the current standards of encryption, and with the last record for factoring the 768-bit integer set back in 2010, it was about time. Although RSA-240 is still considerably under the length used for practical encryption security, it provides a needed update as to the evolution of the industry and how quickly our encryption standards should evolve along with it.



 
