Ensuring computer security has just become much harder. In a message on the Internet, Adi Shamir, an eminent cryptographer, has revealed a new way to crack the most popular schemes for encrypting messages passing over the Net and telephone lines.
Shamir, a mathematician at Israel's Weizmann Institute, is famous for helping to create a widely used encryption algorithm: RSA. (Shamir is the "S" in "RSA.") Now he and Eli Biham, a computer scientist also at Weizmann, have built on an attack strategy developed by researchers at Bellcore (to which RSA was vulnerable). ``They've taken it one step further,'' says Richard DeMillo, a member of the Bellcore group. The result, says Shamir, is an all-out assault on encryption systems. One prominent victim is the Data Encryption Standard (DES), in wide use throughout the computer world. Shamir and Biham were able to unravel DES's secret key after a mere 200 tries.
Shamir and Biham's approach, called differential fault analysis, relies upon making a computer err in its calculations. The first step is to irradiate an encrypting machine--a readily available encrypting chip, for example--to flip a bit in its memory. Then, by comparing a number of error-ridden encryptions with a single flawless one, the hacker can ferret out the key to ``almost any secret key cryptosystem proposed so far in the open literature,'' Shamir writes.