Tokens are not as secure as previously thought
Tokens such as the RSA SecurID 800, used in many companies and government institutions to secure data and control access to computers, are vulnerable to break-in. French analysts, using purpose-written malicious code, obtained in 13 minutes a key that allows the numbers generated by the token to be read, media reported.

Over the last decade, according to security analysts, tokens were better security than passwords, as they used so-called two-factor authentication. Used together with a password, they generate, according to two specified keys, six-digit numbers that serve as the security password for logging on to databases, servers, computers, and information systems such as electronic banking. Clipping was based on the initial issue, introduced by the manufacturer as an optional third-party RSA Security. At first, tokens were independent units: the operator had to read a number from the LCD display and enter it into the system. After a few years, however, the market came to be dominated by modern tokens connected via USB, so that login followed automatically.

The Prosecco team of computer scientists and cryptographers from the Institut National de Recherche en Informatique et en Automatique (INRIA) in France made a successful attack on such an RSA token, extracting the current user key in 13 minutes and making the token useless. As
New Scientist reported, the attack was also used against the Estonian digital identity card, in the case of a digital signature, which the French cryptanalysts managed within 13 hours.

The attack, called a "padding oracle", is quite convoluted. Tokens hold two types of keys: one belongs to the device, the other to the user. The latter is exported from and imported to the token in encrypted form by a special function. The attackers used this function: they modified the encrypted data by adding meaningless padding and, with the help of purpose-written malicious code, submitted it to the token. Of course, such a key generated errors. But the errors were so specific that, with quite a large number of repetitions of this operation, the key could be read easily without knowing the public key, and the device key that produces the token's password numbers could then be guessed. In
the attack on the RSA token, 9400 repetitions were necessary, which took 13 minutes.

As the information technology portal The Register notes, the French researchers' attack is extremely dangerous. The successful experiment means that it is enough for a USB token to be plugged for 13 minutes into a computer infected with the right malicious code: the malware intercepts the encrypted key, breaks it and sends it over the Internet. This allows hackers to impersonate the owners of the token, which will greatly facilitate further hacking into computer systems, databases, or even the same