Security Standards Need Revamping to Stay a Step Ahead of Scam Artists

Article excerpt

Netscape Communications Corp.'s browser for the Internet was recently found to have a security flaw in its data encryption system. The company promised it would be fixed within a couple of weeks.

Shortly before that, it came to light that Citicorp's wire transfer network had been broken into by several Russian nationals using personal computers. Citibank said it successfully bolstered its security with smart cards.

These are only two of many messages that add up to a serious warning to the banking industry: There is no such thing as a perfectly secure system.

The effective security measures we hear about may be the best ones available at the time of the installation decision. But any security can be attacked at some price. Every secure system has an attack "work factor" the time and cost required to render it ineffective. These work factors, or barriers, are constantly being whittled down by advances in the technology of breaking into secure systems.

Within the data security community, the president of RSA Data Security Inc., a leader in the field, recently suggested that users of his company's encryption algorithm stop using keys that are 512 bits in length. Better if the keys, the digital codes needed to code and decode messages, are 1,024 or 2,048 bits long, because the ability to compromise the RSA algorithm has improved tenfold over the last 10 years. …