Your RSA Security Is On Its Last Legs. What’s Next?

/in


Vince Berk is the Chief Strategist at Quantum Xchange, a post-quantum crypto-agility provider. Ph.D. in AI/ML, founder of FlowTraq.

A recent paper from Chinese researchers claiming that they can break traditional RSA encryption initially sparked an uproar. Calmer voices have cited flaws in the research, so the panic has died down a bit. Yet it portends a future that, in reality, may not be too far away.

RSA and the Diffie-Hellman key exchange are two closely related mathematical cryptographic methods that underlie all modern data encryption used today. So what happens when RSA is completely broken, when cryptography as we’ve known it for the last 40-plus years is defeated?

It’s next to impossible to quantify the risk and the impact of that day. But we must prepare for it.

One of the things that make that preparation difficult is the way in which current cryptography is integrated into computing systems.

Cryptography has traditionally been treated as a stalwart and trustworthy part of software and hardware. Cryptographic libraries get compiled directly into software applications, operating systems and server containers. It’s baked blindly into each and every application, not shared across the hundreds or even thousands of applications deployed in a global organization and nigh on impossible to maintain consistently.

Even a global corporate chief information security officer (CISO) or infrastructure and networking leader has virtually no control over this. For the most part, they can’t choose which cryptographic security technology is used. And there’s little they can do if it’s broken. They have to wait for the application or hardware provider to send over an update.

The entire concept of cryptography has been abstracted away. CISOs have no idea what cryptography is being used, how it’s being used, or if what they want to be encrypted is actually encrypted. They are forced to just accept the crypto on their servers, their VPNs, their video conferencing app—without even knowing what they have and, thus, what the risks may be in the event of a failure.

The really scary part is that while a quantum computer (such as the one referenced in the Chinese…

Source…