Remember when I said we are living in a world without secrets? The security tokens that provide two-factor authentication for a number of companies and organizations have been broken. Instantly, countless confidential files became unprotected.
In the age of globally distributed mathematical expertise, high-speed computers, and Internet collaboration, codes and ciphers that once looked impenetrable now fall on a weekly basis.
Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices that corporations and government organizations use to access networks, encrypt hard drives, and digitally sign e-mails.
The exploit, described in a paper to be presented at the CRYPTO 2012 conference in August, requires just 13 minutes to extract a secret key from RSA’s SecurID 800, which company marketers hold out as a secure way for employees to store credentials needed to access confidential virtual private networks, corporate domains, and other sensitive environments. The attack also works against other widely used devices, including the electronic identification cards the government of Estonia requires all citizens 15 years or older to carry, as well as tokens made by a variety of other companies.
via Scientists crack RSA SecurID 800 tokens, steal cryptographic keys | Ars Technica.