Monday, August 24, 1998 Published at 13:11 GMT 14:11 UK
New encryption security for e-commerce
Mathematicians have made it harder to crack e-commerce code
By Internet correspondent Chris Nuttall
Two Swiss-based mathematicians say they have perfected a method for making electronic transactions over the Internet more secure.

Victor Shoup of IBM Research and Ronald Cramer of the Swiss Federal Institute of Technology, both working in Zurich, say they have a solution to the problem of "active" attacks mounted by hackers to crack computer security.

They will present their findings today at the Crypto 98 conference in California in a session entitled: "A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack."

How Bell Labs found a security hole

Their method represents a foil to attacks similar to the one discovered by Bell Labs researcher Daniel Bleichenbacher in June.

His mechanism sent messages to a server processing electronic transactions and monitored the error messages that were returned. This gave him some information about what a decrypted message looked like, while he could also garner some information on the secret message itself when an error message was not returned.

Bleichenbacher said around a million messages needed to be sent to a server for success and the hacker would have to be able to screen out other Internet traffic.

Administrators should be alerted by such a massive attack but companies such as Netscape, Microsoft and RSA have put out software patches to fix the specific problem.

The Shoup-Cramer fix

The Shoup-Cramer method is said to thwart any related attacks by adding a series of calculations that ensure the server leaks no information when responding to the messages.

"The game is over as far as cryptography systems being subject to these nasty kinds of attacks," Charles Campbell Palmer, the manager of network security and cryptography at IBM Research, told the Reuters news agency.

Bleichenbacher, who had chosen the Public Key Cryptography Standard (PKCS) No. 1 protocol, which is widely used in electronic commerce, as the target of his attack, agreed that a solution had been found.
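
The "series of calculations" can be seen in a short sketch of the Cramer-Shoup scheme: the receiver recomputes a validity tag and gives one uniform rejection to any altered ciphertext before touching the message. This is an added example, not part of the BBC report or the researchers' own code. The demo group, the use of SHA-256 as the hash, and all function names are assumptions of the example.

```python
import hashlib
import secrets

# Demo group (assumption): the 768-bit safe prime of RFC 2409, Oakley Group 1.
# Too small for production use; chosen only so the example runs quickly.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2          # order of the subgroup of squares
G1, G2 = 4, 9             # two squares, so both lie in that subgroup

def _alpha(u1, u2, e):
    """Hash that binds the three ciphertext parts together."""
    data = b"|".join(str(x).encode() for x in (u1, u2, e))
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    x1, x2, y1, y2, z = (secrets.randbelow(Q) for _ in range(5))
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    h = pow(G1, z, P)
    return (c, d, h), (x1, x2, y1, y2, z)

def encrypt(pk, m):
    """m must be a group element; returns the ciphertext (u1, u2, e, v)."""
    c, d, h = pk
    r = 1 + secrets.randbelow(Q - 1)
    u1, u2 = pow(G1, r, P), pow(G2, r, P)
    e = pow(h, r, P) * m % P
    a = _alpha(u1, u2, e)
    v = pow(c, r, P) * pow(d, r * a, P) % P    # validity tag
    return u1, u2, e, v

def decrypt(sk, ct):
    """Return the plaintext, or None for any ciphertext that fails the check."""
    x1, x2, y1, y2, z = sk
    u1, u2, e, v = ct
    a = _alpha(u1, u2, e)
    expected = pow(u1, x1 + y1 * a, P) * pow(u2, x2 + y2 * a, P) % P
    if expected != v:
        return None       # same answer for every invalid ciphertext
    return e * pow(pow(u1, z, P), -1, P) % P
```

A modified ciphertext fails the tag comparison, so the server's reply carries nothing about the underlying plaintext for a probing client to learn from.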

Some experts unimpressed

But some at the Crypto 98 conference were unimpressed. Ross Anderson of Cambridge University said there were a number of possible solutions for protecting against "active" attacks.

"The Cramer-Shoup one is fairly expensive as it costs about five times what a more conventional approach would cost," he said.

Another British encryption expert said it was hard to assess the scientists' achievement:

"Sometimes the cure has unanticipated effects which are nastier than the original problem. It's part of a continuing process of discovering weaknesses in, and fixing a plethora of elaborate protocols," he said.

Ethical hacking, carried out by research institutes and companies such as IBM, aims to alert an industry, which still lacks the complete confidence of consumers, to possible security flaws.
