Project 17 – Key Penetration

blockchain, block, chain
Tumisu (CC0), Pixabay

One of the first hardcore security projects I was involved with had to do with asymmetric cryptography, and a proof of concept at penetration of public keys. The premise was rather simple, as Moore’s Law expands, how long before any brute force attack against a public/private key pair can be broken, and what can be done to prevent it.

While my compatriots attempted at solving the mathematical predictions of the amount of CPU power that would be needed to crack encryption protocols like PGP and GPG protected data, I took a different approach.

Most people in the industry at the time could not have predicted the emergence of quantum computing, neither could I have at the time. However, I knew as the computer power increased in it’s ability to crack secured systems, so too would the secure systems being used as well. What would not change was human nature.

One of the flaws I discovered had nothing to do with the encryption itself, but rather with the CLI. If a user imported a private key which had been corrupted, the CLI system would reject the key. This meant that a brute force attack would know when it failed at cracking a private key simply by recording the response from the target server as a null. As Moore’s Law reaches it’s zenith with quantum computers, this flaw needs to be protected against by adding a recaptcha  based proof of work system to the private key importing protocol, and intentionally given a false positive on key chained inputs.

For the sensitive nature of the data being protected in relation to this challenge, Public-key cryptography was replaced with a One Time Page based system based on my work.

  • wofle