Researchers break banking-level encryption

Encryption researchers discover they can break the bank.
Written by Will Knight, Contributor

Researchers at RSA Research in California have demonstrated that it is possible break the encryption code trusted by major international financial institutions and almost all e-commerce Web sites to protect secure financial transactions.

Admittedly, it took scientists seven months and 292 different computers at 11 sites in 6 different countries to find the two 155-digit-long prime numbers needed to break the 512-bit code, but, they say, the achievement further highlights the inadequacies of current encryption methods.

Kasper Bowden, director of the Foundation for Information Policy Research -- an independent think-tank researching the impact of government policy on e-commerce -- believes the feat represents a "milestone" in encryption practices. "A number of financial institutions are going to have to rethink their encryption policy. This is also embarrassing for anyone who took the UK government's advice 10 years ago and chose 512-bit encryption."

Malcom Hutty, a representative of Stand.org, which campaigns for the abolishment of restrictions on encryption, agrees. "This is further confirmation that we must use the strongest encryption possible. With computing power increasing at the rate it is, it is more and more likely someone will break this level of encryption for illegal purposes."

Introduced in the mid-80s, 512-bit encryption was originally believed unbreakable, but, as Bowden points out, "it is now possible to use millions of computers linked over the Internet to supply the computing power needed to calculate this sort of figure."

There are projects that allow thousands of personal computer users to link their computers via the Internet and attempt to crack 64-bit encrypted files using reserve computing power. One such project goes on at Ditributed.net.

Editorial standards