 |
 |
|
|
|
||||||||||||||||||||||||||||||||||
|
Cryptologist sees digital signature flaw, fix
(IDG) -- A scientist at Bell Labs, the research and development wing of Lucent, has discovered a flaw in the Digital Signature Algorithm that could have affected the integrity of secure transactions on the Internet and adversely impacted VPNs, online shopping and online financial transactions. Daniel Bleichenbacher, a member of Bell Labs' Information Sciences Research Center, discovered a glitch in the random number generation technique used with the DSA, according to the company in a statement. He learned that the DSA's random number generator was biased and was twice as likely to pick a set of numbers from one range than from another.
The U.S. National Security Agency designed DSA and it is one of three authentication algorithms approved for generating and verifying digital signature under the Digital Signature Standard. Digital signatures allow software at the end of an electronic transaction to confirm the identity of the party initiating the transaction and to verify the integrity of the information received. The vulnerability does not pose any immediate threat as it takes massive computing power to launch an attack on the flaw, according to Bell Labs.
The Digital Signature Standard was developed by the U.S. National Institute of Standards and Technology (NIST) and has been adopted by the American National Standards Institute (ANSI) and the IEEE. The standards organizations could develop a simple fix for DSA, which providers of applications and services could implement in software, according to Bleichenbacher. NIST has agreed to fix the weakness in the DSA and is now preparing a revision of the DSA specification, which will be proposed in February, said Edward Roback, chief of the computer security division in NIST's Information Technology Laboratory. Bleichenbacher first disclosed the vulnerability on Nov. 15, 2000 during a meeting of an IEEE working group, which focused on standard specifications for public-key cryptography. He found the flaw while analyzing an appendix to the DSA and has since devised an alternation to the DSA algorithm that would, for all practical purposes, eliminate the bias in the random number generator, Bell Labs said. RELATED STORIES: Crossing the wireless security gap RELATED IDG.net STORIES: Researchers uncover 'major' wireless security flaws RELATED SITES: Bell Labs |
|
|
SCI-TECH
Study: Gadget sales flat Protest slams Dell's use of prison labor Steve Jobs keeps Apple in the limelight (MORE)
![[CNN.com]](http://i.cnn.net/cnn/images/newsnet/cnnlogo.gray.gif){kind=small} TOP STORIESN. Y. plans to heal skyline Stocks rise on Case departure Lieberman's presidential announcement today New arrests may be linked to UK ricin scare (MORE)
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo} SPORTSJordan says farewell for the third time Shaq could miss playoff game for child's birth Ex-USOC official says athletes bent drug rules (MORE)
 All Scoreboards
|
|
||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||
| Back to the top | |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
(