Hacking the RSA system is based on factoring the modulus into prime factors. This is an extremely complex operation, but theoretically possible. But, obviously, in order to factor the modulus, it (the modulus) must be available (to the attacker, of course). Where does he get it from? From the public key - there it (the modulus) is contained in open form. Take it and break it, as they say. But - not in our case.
A characteristic feature of Extra Systems Cypher Net is the complete refusal to distribute public keys. It is this "feature" invented by us that makes the Cypher Net system absolutely unhackable.
We keep both keys of our central server (they are used in the fingerprint recognition mechanism) in absolute secrecy, and we do not use key exchange between subscribers of our network in the process of agreeing on a session key. To communicate with subscriber M, subscriber N must personally, in personal contact, give him his public key (of course, the subscriber has the right to use any other options - but only at his own risk).
Moreover, we do not store our clients' public or private keys. After generation, all these keys are transferred to clients and deleted from our disks. We do not need them. We do not use them for any purposes in the future.
During the session key negotiation process, subscribers exchange information encrypted using RSA with their own keys. An Internet packet interceptor sees only some large numbers, which can only tell us that this information is encrypted with some unknown (to anyone except its owner) RSA key of 1024 bits (for example). And no more information can be extracted from this, even purely theoretically. Moreover, it is impossible to decrypt anything.
In this case, no cryptanalyst can make any assumptions about the RSA parameters - neither about the module, nor about the exponent (except that their size is 1024 bits). Any attempt to hack the protocol we have developed is thus doomed to failure. And to be honest, no one in their right mind would ever do this (due to the obvious lack of any prospect of success in this case).
Therefore, our clients have absolutely nothing to fear as long as they keep their keys in a place inaccessible to an intruder. We emphasize: the danger of hacking our system comes only from its users. Only irresponsible actions of our subscribers can call into question the secrecy of their own communications.
It should be especially noted that the mistakes of some users in no way put other clients at risk. Any of our subscribers can only harm themselves (a leak of keys or fingerprints of a particular client does not in the slightest affect the security of communications between other subscribers).
The content of this page is also available in French, German, Ukrainian and Russian.
| © Extra Systems, 2024 |
|