Flawed encryption leaves networks open to attack

NEWS Companies are being warned to stop using short encryption keys as their only measure of protection against hackers. The most well-known application of short encryption is the Secure Sockets Layer (SSL) protocol, which is commonly used to protect internet transmissions. But UK encryption specialist nCipher has now warned companies that the short key used in an SSL session could leave networks prone to hack attacks. nCipher said in a paper entitled The Risk of Short RSA keys for Secure Communications using SSL: "If the RSA key used at the start of secure sessions is compromised, the results could be a devastating attack to the victim. With the increase in computer power over the last few years, the means to carry out such an attack are within reach of a determined and technically competent attacker. "Given this, the use of short (512-bit) RSA keys for SSL should be abandoned in favour of longer keys. In countries where short keys have been widely used for regulatory reasons, internet commerce over a high proportion of sites should not be regarded as secure."