Bedford, MA, Thursday, September 26, 2002 RSA Laboratories . . . announced that a coordinated team of computer programmers and enthusiasts, known as distributed.net, has solved the RC5-64 Secret-Key Challenge. The distributed.net team solved the challenge in approximately four years, using 331,252 volunteers and their machines.

G

Gee . . . it took four years and gazillion processor hours to find a 64-bit key to an encryption algorithm that was already known. The word is the key actually was discovered a few months ago, but the team didnt know it had cracked the nut (a 35-character plain text message). Could it be that we are getting a little obsessive about security? Is there any particular piece of information in your enterprise that would be of sufficient value to warrant that type of attack? OK, maybe senior managements unsecured loans and other perquisites need to be locked down that tight. Oops. Just kidding. In fact, most of us probably are using even stronger security than this. On our secure Web sites here at The National Underwriter Co., we use RC4 with 128-bit encryption. A 128-bit key means it is exponentially (adding 1 bit to the key doubles the number of possible keys) more difficult to crack than a 64-bit key using brute force. Maybe we need to step back and explore just what all this security is buying us.

Usually we discuss security from the end-user point of view: Is my credit card information safe? Is my personal financial data secure? These are all legitimate questions, and they have all been addressed and pretty much taken care of. HTTP using secure sockets and properly hardened Web and database servers provide reasonable security for user data. But now look at security from the server side. Who is that client banging on my box right now? Are they whom they claim to be? How can I really be sure the person on my Web site requesting a policy change is an authorized user?

Want to continue reading?
Become a Free
PropertyCasualty360 Digital Reader.

INCLUDED IN A DIGITAL MEMBERSHIP:

  • All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
  • Educational webcasts, resources from industry leaders, and informative newsletters.
  • Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.

Already have an account?


NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

PropertyCasualty360

Join PropertyCasualty360

Don’t miss crucial news and insights you need to make informed decisions for your P&C insurance business. Join PropertyCasualty360.com now!

  • Unlimited access to PropertyCasualty360.com - your roadmap to thriving in a disrupted environment
  • Access to other award-winning ALM websites including BenefitsPRO.com, ThinkAdvisor.com and Law.com
  • Exclusive discounts on PropertyCasualty360, National Underwriter, Claims and ALM events

Already have an account? Sign In Now
Join PropertyCasualty360

Copyright © 2024 ALM Global, LLC. All Rights Reserved.