An attacker does not have to break encryption if they get your password. A few weeks ago I had the pleasure of attending a lecture by Adi Shamir. Adi is the “S” in RSA, the widespread public key encryption system he co-invented in 1977. Adi is spending a sabbatical at ETH Zürich’s Crypto-Lab.
In his talk on post-Snowden cryptography Adi highlighted several interesting aspects. He actually took the time to read thousands of the original documents leaked by Edward Snowden. Unlike most people, he did not rely on Snowden’s publisher Glenn Greenwald to do the work for him. Instead, he painstakingly combed through all the pages. He was looking for one key point: did the NSA break any of our cryptographic algorithms?
The answer is no. The NSA has no shortcut to break commonly used ciphers like AES, RSA, or RC4. Encryption works! Some of the documents even complain about the growing usage of strong cryptography. But the documents also showed that, since they cannot break the algorithms, they attack at other points.
One such point is the encryption keys. To be specific, it is the key generation. If an attacker knows the encryption key or parts of it, the equation changes. It would no longer take centuries using all the world’s computers to decrypt a message. Instead, it would be possible to decrypt the message in mere days or even hours on the average supercomputer.
Adi strongly recommends not trusting big organizations with encryption key generation. He pointed out one of the latest password thefts: the millions of stolen SIM card passwords. If an attacker has such a list, he does not even need a supercomputer anymore. So, if you cannot rely on a third party, how can you generate secure keys? You have to do it yourself!
To generate secure keys you need a trusted device that you are in control of. The device must generate these keys from a natural stochastic process, such as thermal noise. The device must make sure keys and passwords are only generated while it is in normal operating conditions. Do not use a computer for this. A deterministic machine cannot generate randomness. Never expect a software program to generate truly random numbers. You must use a dedicated device like a Hardware Security Module.
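One concrete form of "only generate keys in normal operating conditions" is the pair of continuous health tests a key-generating device runs on its raw noise source before any bits reach key derivation. The following is an added example, not Securosys code and not from Adi Shamir's talk: a Python implementation of the Repetition Count Test (catches a source stuck at a constant output) and the Adaptive Proportion Test (catches a source whose bias has drifted) from NIST SP 800-90B, run over constructed 8-bit sample streams. The cutoff formula, the 2^-20 false-alarm rate and the 512-sample window follow SP 800-90B; computing the APT cutoff directly from the binomial tail, the claimed 8 bits of min-entropy per sample, and the three streams are my own assumptions. The seeded PRNG only builds test data standing in for a noise source; as the text says, it is not an entropy source itself.

```python
import math
import random

# NIST SP 800-90B recommends a false-alarm probability of 2^-20 for the continuous health tests
ALPHA = 2.0 ** -20


def rct_cutoff(min_entropy_per_sample, alpha=ALPHA):
    """Repetition Count Test cutoff (SP 800-90B 4.4.1): C = 1 + ceil(-log2(alpha) / H),
    where H is the min-entropy per sample claimed for the noise source."""
    return 1 + math.ceil(-math.log2(alpha) / min_entropy_per_sample)


def apt_cutoff(min_entropy_per_sample, window, alpha=ALPHA):
    """Adaptive Proportion Test cutoff: smallest C such that a symbol of probability
    p = 2^-H occurs C or more times in a window of W samples with probability <= alpha.
    Assumption: computed directly from the binomial upper tail instead of NIST's table."""
    p = 2.0 ** -min_entropy_per_sample
    tail = 0.0
    for k in range(window, 0, -1):  # accumulate P[X >= k] from the top of the distribution
        tail += math.comb(window, k) * p ** k * (1.0 - p) ** (window - k)
        if tail > alpha:
            return k + 1
    return 1


def repetition_count_test(samples, cutoff):
    """Healthy (True) unless some value repeats `cutoff` or more times in a row,
    the signature of a noise source whose output has stuck at a constant."""
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True


def adaptive_proportion_test(samples, window, cutoff):
    """Healthy (True) unless, in some complete window, the window's first sample
    recurs `cutoff` or more times, the signature of a source whose bias has drifted."""
    for start in range(0, len(samples) - window + 1, window):
        block = samples[start:start + window]
        if sum(1 for s in block if s == block[0]) >= cutoff:
            return False
    return True


def entropy_source_healthy(samples, min_entropy_per_sample, window=512):
    """Gate: keys may be derived from `samples` only if both health tests pass."""
    rct_ok = repetition_count_test(samples, rct_cutoff(min_entropy_per_sample))
    apt_ok = adaptive_proportion_test(samples, window, apt_cutoff(min_entropy_per_sample, window))
    return rct_ok and apt_ok


def constructed_streams():
    """Constructed 8-bit sample streams standing in for raw noise-source output.
    The seeded PRNG is test scaffolding only; it is not an entropy source."""
    rng = random.Random(20150601)
    healthy = bytes(rng.getrandbits(8) for _ in range(4096))
    stuck = bytes([0x41]) * 1024  # failed sensor: constant output
    biased = bytes(0x00 if i % 5 == 0 else rng.getrandbits(8) for i in range(4096))  # 0x00 far too often
    return {"healthy": healthy, "stuck": stuck, "biased": biased}


if __name__ == "__main__":
    for name, stream in constructed_streams().items():
        verdict = "OK, keys may be generated" if entropy_source_healthy(stream, 8) else "FAIL, withhold keys"
        print(f"{name:8s}: {verdict}")
```

With 8 bits of claimed min-entropy the RCT cutoff is 4, so four identical consecutive bytes already withhold key generation, and the APT cutoff for a 512-sample window is in the low teens, so the biased stream (about a hundred zero bytes per window) fails immediately while the healthy stream passes both tests.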
Securosys builds such an HSM. Our Primus HSM generates secure keys, passwords, and certificates using various natural random sources. Multiple tamper sensors ensure that the HSM stays in controlled operating conditions. Furthermore, the private key of each HSM is only generated by the new owner at their site. This way only the customer can access the HSM; not even Securosys can get to it. No backdoor!
If you want to follow Adi Shamir’s advice and secure your communications networks, then trusted and secure passwords, keys, and certificates are a must. The HSMs from Securosys are independently developed and manufactured in Switzerland. They put the customer in control.