Well, that's what one group of computer scientists claim with respect to the RSA SecurID 800.
For many years, businesses and the government have given employees a card or token that produces a constantly changing set of numbers. Those devices have long been the preferred method of securing electronic date because you couldn't get access to the data without a secret key generated by the devices.
The New York Times reported on the story and the scientists who made the claim, who call themselves Team Prosecco (perhaps I should try deriving inspiration from Prosecco?). The scientists not only say they can pry open the RSA SecurID 800, but similar tools made by other manufacturers. They published their findings in a paper which will be presented at a cryptography conference in August.
RSA says it is looking into the matter. I'll bet it is. This is not the first challenge to RSA. In March of 2011, RSA announced that hackers had breached its data protection and Lockheed Martin announced some months later that its computer network had been penetrated by hackers exploiting the RSA vulnerability.
Cryptographers have long warned that the standards used by these encryption tools were antiquated and susceptible to attack. Companies have tended to think that it would take a long time to crack their keys and that hackers would therefore find it impractical to do so.
The new paper challenges that assumption. The RSA token took the shortest time to open: 13 minutes. A device made by Siemens took slightly longer: 22 minutes. A third device, made by Gemalto, based in the Netherlands, took 92 minutes.
I love that security researcher Dan Kaminsky refers to cryptography as the "molasses of computer science." He says that it advances so slowly because scientists are busy fixing technologies that are "on fire" and less likely to address those that seem merely theoretically problematic.
But if the paper is accurate, we have a fire of enormous proportions about to rage across the electronic world.