The Cloud Might Have Trouble with Encryption


Researchers from iSEC Partners have pointed out a possible flaw with cloud computing, just in case we need another. The researchers have described a situation in which there might not be enough randomness for encryption to be fully effective.


Here is their concern: Encryption uses random bits to encrypt data. Random number generators get their data from entropy pools. Entropy pools gather their data, or unpredictable random noise, from a number of sources: local processes, file access, device access, page hits, keyboard clicks, and mouse movements, to name a few. The noise is broken down into a set of random bits that is then used for encryption.


The researchers claim that servers used in cloud computing do not generate enough random bits because they typically do not have keyboards or mice attached. Adding to the problem, they tend to be single-use, short-term servers, so they are not in operation long enough to create strong keys.


If an attacker were to set up their own virtual machine with a cloud provider, they might be able to guess the encryption keys because the entropy pool could be similar. This would greatly reduce the number of calculations needed to guess the complete key.
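To make the concern concrete, here is an added example (not from the researchers or from this post) that models a fleet of instances cloned from one image and checks their generated keys for duplicates. The key generator, the image label and the `noise_bits` parameter are constructed assumptions for illustration.

```python
import hashlib
import secrets
from collections import Counter

KEY_BITS = 128  # nominal key length of the toy generator


def derive_key(pool_state):
    """Toy key generator: the key is a deterministic function of the pool."""
    return hashlib.sha256(b"keygen" + pool_state).digest()[:KEY_BITS // 8]


def boot_pool_state(noise_bits):
    """Constructed model of a freshly booted clone: every instance shares the
    image contents and differs only by noise_bits of unpredictable input."""
    image = b"constructed-golden-image-v1"  # hypothetical shared image state
    noise = secrets.randbits(noise_bits) if noise_bits else 0
    return image + noise.to_bytes(32, "big")


def fleet_keys(instances, noise_bits):
    """Keys generated right after boot by a fleet of identical clones."""
    return [derive_key(boot_pool_state(noise_bits)) for _ in range(instances)]


def duplicate_keys(keys):
    """Defender's check: keys that more than one instance generated."""
    return {k: n for k, n in Counter(keys).items() if n > 1}


def effective_bits(noise_bits):
    """A key is no harder to guess than the input that produced it."""
    return min(KEY_BITS, noise_bits)


if __name__ == "__main__":
    for noise_bits in (8, 16, 256):
        keys = fleet_keys(1000, noise_bits)
        shared = sum(duplicate_keys(keys).values())
        print(f"noise={noise_bits:3d} bits  "
              f"effective strength={effective_bits(noise_bits):3d} bits  "
              f"distinct keys={len(set(keys)):4d}  "
              f"instances sharing a key={shared}")
```

Comparing key fingerprints across a fleet in this way is a cheap audit: any duplicate means the instances generated keys before their pools had diverged.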


I feel the probability of this actually happening is small, partly because the researchers at iSEC Partners have not been able to guess an encryption key based on this problem. However, I would not rule it out, since the human mind is endless in its abilities.