View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
August 24, 1998


By CBR Staff Writer

Two scientists have announced encryption software that secures web servers against the active chosen plaintext attack, discovered in June by Daniel Bleichenbacher of Lucent Bell Labs (NBD 06/29/98). Charles Palmer, manager of network security and cryptography at IBM’s Thomas J. Watson Research Center, explains that: Bleichenbacher’s attack works like twenty questions. An attacker sends a large volume of messages, and depending on which messages are accepted and which are rejected, can deduce the encryption key for a given session. You have to try one million times, says Palmer, but since the entire keyspace is one with forty zeroes after it, the active attack is really quite efficient. Discovered by Victor Shoup of IBM Research and Ronald Cramer of the Swiss Federal Institute of Technology, the new cryptosystem prevents attackers from tricking servers into leaking information this way. It’s mathematically proven that the server won’t give away any information, Palmer says. It can tell if you’re just making up the bits at random. It takes your bits and does a whole lot of ugly math on them to determine whether those bits are actually possible. To mount a successful active chosen plaintext attack against the Cramer-Shoup system using randomly chosen bits, the attacker would have to search half the total keyspace, or 5 with 39 zeroes after its worth of possible combinations. Palmer calls this a number so big you don’t want to think about it. After announcing the findings at the Crypto ’98 conference in Santa Barbara, California, IBM says it will publish the theory and the practical results of the research so that other vendors can secure their servers against Bleichenbacher’s attack. IBM also plans to incorporate the research into its eVault product. Palmer says the cryptosystem was a happy by-product of some independent work Shoup had done. It proved more useful than he had realized, Palmer says, we do a lot of pure research at IBM. We’re always really tickled when some of it escapes into the real world.

Content from our partners
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Infosecurity Europe 2024: Rethink the power of infosecurity

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.