That Crypto Hole Is Probably Not A Threat, But It's Still A Wake-Up Call

If you liked 500-to-1 odds against your encryption keys being bad, it's even better: The cryptographic hole that surfaced last week appears to be completely confined to devices such as consumer-grade routers. But even RSA, whose key security was questioned by the original report, now says it should serve as a wake-up call for network security, especially among retailers.

"This is one reason why the PCI SSC is spending a lot of time developing very detailed solution requirements for new technologies like Point-to-Point Encryption," said RSA spokesman Rob Sadowski. "It's not enough to have the best security tools if they are not implemented and deployed well."

According to other researchers who have now combed through the original report, most encryption keys used for Secure HTTP access to Web sites are created correctly, using random-number generators that really are highly random. The weak keys apparently come almost entirely from standalone devices such as firewalls and routers, which often generate their keys automatically the first time they're turned on—not a situation that's guaranteed to create a lot of randomness. And RSA's crypto technology wasn't specifically at fault.

So—was this all a false alarm? Not really. Even critics of the original report say it's full of useful data, though they disagree with the conclusions. And the consensus seems to be that there are bigger problems with encryption keys that need attention, along with issues of weak keys.

One major problem: Web sites (including E-Commerce sites) that don't actually present public encryption keys that are registered with Certificate Authorities. If encryption keys aren't registered with a CA, a customer's browser can't check them to make sure they're valid. And if the browser doesn't check, it doesn't matter how random the encryption key is.

"The point is that, for the most part, clients don't care, nothing is checking the validity of device certificates in the first place," wrote security researcher Dan Kaminsky. "Most devices, even security devices, are popping these huge errors every time the user connects to their SSL ports. Because this is legitimate behavior—because there's no reason to trust the provenance of a public key, right or wrong—users click through."

Large retail chains should be less likely to have that problem, because a lack of functioning security on a retail Web site that takes payment cards should be picked up during a PCI audit, with very unpleasant results.

But a related problem is the case when a site's certificate is valid, but not for a particular page on the site. That could happen because a certificate is good for a URL in a particular form—say, *—but a link that calls the page just starts with ""

(At least one academic researcher we quoted this week had that type of problem link on his Web site. It was a link to his homepage at his institution, but it threw a "This connection is untrusted" error. Naturally, we clicked through—but that's not the sort of thing you want customers on your E-tail site to see just before you ask them for a payment-card number.)

And although unverified or invalid security certificates are probably a bigger problem than weak keys, those keys are still worth checking. The original researchers made it a point to try to notify the owners of weak encryption keys they found. Another group of researchers headed by Nadia Heninger at the University of California, San Diego, says they are now working on a Web site where keys and devices can be tested for vulnerability.

It's still worth watching—that's always the nature of security. But as the security specialist at a major retailer whom we talked to last week summed it up a few days ago, "The advice to 'not panic or overreact yet' remains in place."