[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Flaw Found in an Online Encryption Method
By JOHN MARKOFF
The New York Times
February 14, 2012
SAN FRANCISCO -- A team of European and American mathematicians and
cryptographers have discovered an unexpected weakness in the encryption
system widely used worldwide for online shopping, banking, e-mail and
other Internet services intended to remain private and secure.
The flaw -- which involves a small but measurable number of cases â has
to do with the way the system generates random numbers, which are used
to make it practically impossible for an attacker to unscramble digital
messages. While it can affect the transactions of individual Internet
users, there is nothing an individual can do about it. The operators of
large Web sites will need to make changes to ensure the security of
their systems, the researchers said.
The potential danger of the flaw is that even though the number of users
affected by the flaw may be small, confidence in the security of Web
transactions is reduced, the authors said.
The system requires that a user first create and publish the product of
two large prime numbers, in addition to another number, to generate a
public âkey.â The original numbers are kept secret. To encrypt a
message, a second person employs a formula that contains the public
number. In practice, only someone with knowledge of the original prime
numbers can decode that message.
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly. Best program, best price.