Remember RSA - The name is short for Rivest Shamir Adleman, the trio reputed to have devised the first practical implementation of the Diffie-Hellman key exchange protocol, a prime multiplication challenge whose security is based on the difficulty of finding the factors of the product of two large prime numbers (or numbers close enough to prime in implementation) if the adversary knows neither prime number.
The company of Ron Rivest, Adi Shamir, and Leonard Adleman has gone through several corporate iterations, including its recent absorption by EMC, but the story of security hubris continues to be told. RSA remains one of the best-known cryptographic algorithms despite its increasing weakness in light of mathematical as well as computational advances, but the force-de-jure of the company is not the success of its nicknamed cryptographic algorithm but the genius and innovation of its founders in discovering clever "security" schemes based on cryptographic techniques. There seems to be a consensus in the community of "security vendors" around a myth of "security through technology alone". Indeed, what the RSA breach shows is that no system can ever be secured if any component of people, policy and technology is not secure. The search for an ultimate security technology, including the idea of multi-factor authentication, is one that is bound to fail as long as the cornerstone of any security architecture does not include that core element.
It is not clear, at least not from the information made publicly available by EMC, how the latest advertised breach was effected and what the real attack vector was, but RSA customers sold on the idea of a highly secure authentication mechanism, just as many are being sold on the value of biometric security, are flailing in the wind right now as they try to hazard some clarity as to what to protect against.
Of course, one key failure of the RSA SecurID technology is the idea of a central key store for authentication tokens: a kind of security by obscurity.
http://www.nytimes.com/2011/03/19/technology/19secure.html?partner=rss&emc=rss
http://www.rsa.com/rsalabs/node.asp?id=2214
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=229301301&cid=RSSfeed_IWK_News