New leadership at security developer Ntru CryptoSystems Inc. is hoping a new services and consulting strategy will help mitigate the damage caused by problems with the company's core encryption algorithm. Once one of the premier cryptography companies in the United States, . . .
New leadership at security developer Ntru CryptoSystems Inc. is hoping a new services and consulting strategy will help mitigate the damage caused by problems with the company's core encryption algorithm. Once one of the premier cryptography companies in the United States, Ntru in the past six months has undergone a nearly complete face lift, replacing its CEO, moving away from its main business of licensing its cryptographic algorithms, slashing its staff by a third and placing many of the remaining employees on part-time status.

The changes at Ntru stem from issues surrounding the company's main intellectual property, the NtruEncrypt algorithm. The algorithm is the heart of the company's Neo security tool kit line and is the basis for the Ntru public-key cryptosystem. Last fall, the company discovered there were problems with the parameters it had been recommending to customers to improve bandwidth when using the algorithm. Specifically, the problems caused random messages to fail to decrypt.

As a result, someone could mount what's known as a chosen ciphertext attack, which gleans small amounts of information from each failed decryption. Over time, the attacker would be able to amass enough data to decrypt an entire message, which would call into question the security of every other message encrypted using that key.

The link for this article located at eWeek is no longer available.