Tags: Flaw | online | Encryption | Method

NY Times: Flaw Found in Online Encryption Method

By    |   Thursday, 16 February 2012 02:31 PM

Consumers purchasing items online may think that their sensitive data is safe. Unfortunately, a research team found that the commonly used encryption method used to protect online transactions is flawed, reveals an article in The New York Times.

The flaw involving involves a small number but significant number of cases, it is troubling because it could undermine confidence in the world's vital e-commerce system that depends on the encryption.

The defect found by team of American and European mathematicians and cryptographers involves how the encryption system produces random numbers that make it nearly impossible for hackers to unscramble online messages.

For it to work, computer systems create two prime secret numbers, plus another number, to produce a public "key." The secret numbers have to be created randomly, but the researchers discovered that the system sometimes failed to work properly.

Individual consumers cannot do anything to fix stop the flaw, the researchers say, but large web sites will have to change their security systems, according to the Times.

Hackers may have already discovered the flaw, the researchers warn.

"The lack of sophistication of our methods and findings," they state in their report, "make it hard for us to believe that what we have presented is new, in particular to agencies and parties that are known for their curiosity in such matters."

"This is an extremely serious cryptographic vulnerability caused by the use of insufficiently good random numbers when generating private keys" for HTTPS, SSL and TSL servers, says Peter Eckersley, senior technologist at the Electronic Frontier Foundation, which helped the research team, according to Computerworld.

"We are presently working around the clock to inform the parties whose keys are vulnerable."

"The secret keys are accessible to anyone who takes the trouble to redo our work. Assuming access to the public key collection, this is straightforward compared to more traditional ways to retrieve RSA secret keys," the researchers wrote in their report.

© 2018 Newsmax Finance. All rights reserved.

1Like our page
Thursday, 16 February 2012 02:31 PM
Newsmax Media, Inc.

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

© Newsmax Media, Inc.
All Rights Reserved