Re: Break in at RSA



Am 25.03.2011 09:22, schrieb Mok-Kong Shen:
Am 25.03.2011 02:03, schrieb Greg Rose:
In article<imggt0$tln$01$1@xxxxxxxxxxxxxxxxx>,
Mok-Kong Shen<mok-kong.shen@xxxxxxxxxxx> wrote:
Am 24.03.2011 15:52, schrieb Phoenix:

Hi M.K.Shen

Very strange indeed.
Perhaps this is a response to my three questions?

See:
http://www.technewsworld.com/story/72100.html

(For clarity to other readers: Now all three URL's work. But at the time
of my first post both URL's given by amzoti didn't.)

If an algorithm is o.k.
[snip]

I think that, as usual, M-K hasn't read anything
he is talking about. The break-in at RSA seems to
have been used to steal secret information (some
people speculate the key database) used for the
tokens that display a new 6-digit code every
minute. This has nothing at all to do with the RSA
public-key algorithm. In fact, cryptographically,
it's a non-story.

Did I in my post EVER doubted the (theoretical) satisfaction
of RSA or even the science of cryptography in general ???!!!

The trouble I have is that I couldn't really make much sense
(due certainly in part to my non-perfect English knowledge)
of the article. I want thus to learn from an expert of our
group what actaully happened in more elementary English words.

Before such an explanation the only thing I could think of
would be something of the gendre of backdoors (of which I
recently had some threads in this group), whether intentionally
installed or occurred by programmer ignorance. (BTW, wouldn't
the database issue you mentioned relevant in this regard??)

I like to ask a more concrete question: The secret information
that is stolen and that could lead to weakness is not from the
users of the software but from the software producer, right?
If so, then anyone who has such insider knowledge could exploit
the weakness. If that's not considered a backdoor, what then
is such a one?

(I am very surprised that you consider the story to be a 'non-story',
i.e. of no significance at all.)

M. K. Shen


.