At the Black Hat security conference in Las Vegas, a quartet of researchers, Alex Stamos, Tom Ritter, Thomas Ptacek, and Javed Samuel, implored everyone involved in cryptography, from software developers to certificate authorities to companies buying SSL certificates, to switch to newer algorithms and protocols, lest they wake up one day to find that all of their crypto infrastructure is rendered useless and insecure by mathematical advances.
We've written before about asymmetric encryption and its importance to secure communication. Asymmetric encryption algorithms have pairs of keys: one key can decrypt data encrypted with the other key, but cannot decrypt data encrypted with itself.
The asymmetric algorithms are built on an underlying assumption that certain mathematical operations are "hard," which is to say that the time it takes to do the operation increases in proportion to some number raised to the power of the length of the key ("exponential time"). This assumption, however, is not actually proven, and nobody knows for certain if it is true. The risk exists that the problems are actually "easy," where "easy" means that there are algorithms that will run in a time proportional only to the key length raised to some constant power ("polynomial time").
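The gap between the two growth rates can be seen by counting steps on toy moduli. The sketch below is an added illustration, not code from the article or the researchers: it assumes an RSA-style modulus (a product of two primes) and uses brute-force trial division as the "hard" direction purely for simplicity, which is not the best known factoring method. All function names are hypothetical.

```python
import math

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def prev_prime(n):
    """Largest prime <= n (fine for the toy sizes used here)."""
    while not is_prime(n):
        n -= 1
    return n

def modexp_steps(base, exponent, modulus):
    """Square-and-multiply: the key holder's operation. Returns (result, multiplications)."""
    result, steps = 1, 0
    base %= modulus
    while exponent:
        if exponent & 1:
            result = result * base % modulus
            steps += 1
        base = base * base % modulus
        steps += 1
        exponent >>= 1
    return result, steps

def trial_division_steps(n):
    """Brute-force factor search. Returns (smallest factor, divisions tried)."""
    d, steps = 2, 0
    while d * d <= n:
        steps += 1
        if n % d == 0:
            return d, steps
        d += 1
    return n, steps

def compare(bits):
    """Build a constructed toy modulus of `bits` bits and count both costs."""
    q = prev_prime(1 << (bits // 2))
    p = prev_prime(q - 1)
    n = p * q
    result, easy = modexp_steps(3, n - 1, n)   # exponent as long as the key
    factor, hard = trial_division_steps(n)
    return {"bits": n.bit_length(), "p": p, "n": n, "result": result,
            "easy": easy, "factor": factor, "hard": hard}

if __name__ == "__main__":
    for bits in (16, 24, 32, 40):
        r = compare(bits)
        print(f"{r['bits']:>2}-bit modulus: modexp {r['easy']:>3} steps, "
              f"factor search {r['hard']:>8} steps")
```

Each extra 8 bits of modulus adds at most 16 multiplications to the exponentiation but multiplies the search cost by roughly 16; a polynomial-time factoring algorithm would collapse the second column to something that grows like the first.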