Overheard at Black Hat: "Who here has seen the film 'Sneakers'?"

This question was asked in a session about security problems in crypto-mathematics.  Half the hands went up.   I wonder if the speaker reads Borepatch?

There may be a problem in the encryption that underlies Secure Sockets Layer (SSL) - this is the stuff that protects you when you browser to some https:// location.  While the encryption isn't broken, there's a lot of mathematical analysis going on in this field that is showing partial results.  Already this year there have been three published paper on the Discrete Logarithm Problem (don't worry about the details).  There hadn't been any progress for 30 years, and now this is the new mathematical hotness.  It it becomes possible to solve this problem then we have exactly the situation shown in Sneakers - everything on the Internet will be able to be decrypted.  Worse, the techniques likely will be easy to implement, and so everything will be vulnerable, all in the space of a week or two.

They call this the Cryptopocalypse.  Slides (and maybe video) of the session should be posted there in a day or two, and if you're interested you should check it out.  It was the best presentation on encryption that I've ever seen.

Even more interesting is that the recommendations - to use Elliptic Curve encryption (don't worry about the details).  The Russian crypto system GOST was based on this.  It isn't based on the RSA standard we use here, that depends on Discrete Logarithms.  In the film, the Soviet Attache said that their encryption was different, and that the decryption box wouldn't work against them.

All in all, the world is a very strange place where so much prediction seems to have come from Hollywood.