Duke Computer Scientists Crack Codes to Keep Your Money Safe
Posted January 19, 1999 6:00 a.m. EST
DURHAM — Even though business is booming on the Internet, many computer users remain concerned about online security. An experiment by someDuke University computer scientistsshows that low levels of computer encryption can be broken.
Users should always keep security in mind; however, there is a lot of work going on to make online transactions even more secure.
The Duke computer scientists were able to crack encryption codes often used for credit card transactions in less than four hours, but they used a unique computer.
The scientists use PixelFlow, which is a very powerful and fast computer. Using more than 147,000 parallel processors crunching numbers at the same time, the machine broke the lowest grade of encryption normally used by Web browsers.
Dr. Gershon Kedem says anyone with enough computer savvy could do the same thing.
"The information on how to do it is widely available," Kedem said. "You can use 100, 200, 300 computers and do it maybe not in a few hours, but maybe in a day or two."
Kedem is concerned that malicious hackers could use powerful machines to steal financial information.IBM'sRic Telford works on security issues and says stronger encryption is available.
"There's a better level at 56 bit," Telford said. "Then there's the best level, and actually it goes on up to 128 bit."
At more than 1,099,511,627,776 different combinations, even the lowest 40 bit keys are impressive. Computer cryptography experts like Kedem crack codes to force improved security.
"The faster a computer gets, the shorter time it's going to take to do that," Telford said. "Still it's not an easy task to do and yes, it is somewhat of an exercise."
Attacks on computers often take the easiest route, the password.
"The problem is most people use things that are almost like a word, and those are relatively easy to guess," Kedem said. "So you want to use combinations of upper case letters, lower case letters, numbers, punctuation marks. Just make it look as random as possible."
Random numbers and letters are a good step, but users must remember them. Users should also change passwords about once a month.
Security is certainly important to remember; your liability on use of a stolen credit card is $50, for actual theft or computer theft. Users can also check their browser to determine whether they can increase encryption from 40 bits to 56 bits.