Two cryptographers have discovered a new way criminals might obtain encryption keys from computer hard disks while the screen saver is running. The discovery was made by Adi Shamir, from the Weizmann Institute of Science in Rehovot, Israel, one of the inventors of the RSA public key cryptography system, and Nicko van Someren of nCipher, a British electronic security company based in Cambridge.

The New Scientist magazine reports that the pair use the randomness of keys to identify them on a computer hard disk. A small ‘virus’ program could automatically scan the disk for particularly random data and thus weed out the keys from the rest of the structured data stored on the disk. The pair reckon it would take just 40 minutes to scan a 40 gigabyte hard drive and obtain a key.

Ironically, the stronger the key, the easier it would be to spot, because the data would be more random. The program could carry out the scan at a time when the user will not notice the slowing of the computer's operations, for example when the screen saver is running. The two cryptographers say this method of obtaining keys highlights the need for people to store their keys in a safe environment.
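To see why key material stands out when it is stored next to ordinary data, the following added example (not code from the article or the researchers) measures Shannon entropy over sliding windows of a constructed buffer, the kind of check you can run when auditing your own storage. The window size, step, threshold, function names and sample buffer are all assumptions of this example.

```python
import hashlib
import math
from collections import Counter

WINDOW = 256      # bytes per window (assumption: size of a 2048-bit key)
STEP = 64         # slide distance between windows (assumption)
THRESHOLD = 6.5   # bits per byte; assumed cut-off for "particularly random"


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of the byte distribution in block, in bits per byte."""
    total = len(block)
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())


def high_entropy_windows(data: bytes, window=WINDOW, step=STEP, threshold=THRESHOLD):
    """Return (offset, entropy) for every window whose entropy exceeds threshold."""
    hits = []
    for off in range(0, len(data) - window + 1, step):
        h = shannon_entropy(data[off:off + window])
        if h > threshold:
            hits.append((off, round(h, 2)))
    return hits


def constructed_sample():
    """Constructed test buffer: structured records with key-like bytes in the middle."""
    record = b"user=alice;role=admin;last_login=2002-01-15;status=ok\n"
    filler = (record * 80)[:4096]
    # Stand-in for key material: SHA-256 in counter mode gives deterministic,
    # statistically random bytes. It is not a real key.
    key_like = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(WINDOW // 32))
    return filler + key_like + filler, len(filler)


if __name__ == "__main__":
    sample, key_offset = constructed_sample()
    print("structured data:", round(shannon_entropy(sample[:WINDOW]), 2), "bits/byte")
    for off, h in high_entropy_windows(sample):
        print(f"offset {off}: {h} bits/byte (key-like bytes start at {key_offset})")
```

Every window the scan reports overlaps the embedded block, while the structured records around it stay well below the threshold.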