[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Encryption keys aren't safe on servers, report warns

To: [email protected]
Subject: Encryption keys aren't safe on servers, report warns
From: Steve Mynott <[email protected]>
Date: Fri, 7 Jan 2000 14:56:47 +0000
Delivered-To: [email protected]
Old-Subject: Encryption keys aren't safe on servers, report warns
Sender: [email protected]


http://uk.news.yahoo.com/000107/22/d75c.html

Encryption keys aren't safe on servers, report warns

Encryption keys are no longer safe on servers according to research
published by UK security company, nCipher. Private encryption keys can
be held on a user's network and used to code and decode confidential
data sent over the Web. Previously it was thought to be impossible to
hack into a network and find the keys, because they were small pieces
of code hidden in mountains of information.
 
But according to nCipher, hackers can find these keys and decode
information sent over networks, putting ecommerce and online
transactions under-threat.
 
The study concludes that the safest place for encryption is the
hardware.
 
Colin Bastable, a spokesman for nCipher, said: "This is the first
research ever to prove this and it's backed up by many organisations
including the government."
 
Neil McEvoy, managing director of security consultancy, Hyperion, said
the research proves what people have suspected for a long time. Banks
have kept encryption on hardware religiously for use in networks such
as ATMs; it's only recently that companies have started storing their
private keys on the network.
 
"In the rush to embrace ecommerce people forgot the basics of security
and neglected to keep their keys safe. I think this research is
important and timely," said McEvoy.
 
He conceded that nCipher may have a vested interest in the
announcement since the company manufactures the hardware-based
encryption tools itself. However, McEvoy agreed with the findings in
principle.
 
McEvoy and other encryption experts also think that keys should be
kept on hardware because it takes up too much bandwidth on the
network.
 
Microsoft and the Sun/Netscape Alliance have endorsed the research
findings and are working with nCipher to find way to solve the
problem.

-- 
1024/D9C69DF9 steve mynott [email protected] http://www.pineal.com/

  there are several good protections against temptation, but the surest is
 cowardice.  -- mark twain

Prev by Date: Re: domestic audio surveillance in LA, Redwood City
Next by Date: Searching for NCSC
Prev by thread: Re: party line?
Next by thread: Re: Encryption keys aren't safe on servers, report warns
Index(es):
- Date
- Thread