http://www.nytimes.com/2012/02/15/technology/researchers-find-flaw-in-an-online-encryption-method.html By JOHN MARKOFF The New York Times February 14, 2012 SAN FRANCISCO -- A team of European and American mathematicians and cryptographers have discovered an unexpected weakness in the encryption system widely used worldwide for online shopping, banking, e-mail and other Internet services intended to remain private and secure. The flaw -- which involves a small but measurable number of cases — has to do with the way the system generates random numbers, which are used to make it practically impossible for an attacker to unscramble digital messages. While it can affect the transactions of individual Internet users, there is nothing an individual can do about it. The operators of large Web sites will need to make changes to ensure the security of their systems, the researchers said. The potential danger of the flaw is that even though the number of users affected by the flaw may be small, confidence in the security of Web transactions is reduced, the authors said. The system requires that a user first create and publish the product of two large prime numbers, in addition to another number, to generate a public “key.” The original numbers are kept secret. To encrypt a message, a second person employs a formula that contains the public number. In practice, only someone with knowledge of the original prime numbers can decode that message. [...] ______________________________________________________________________________ Certified Ethical Hacker and CISSP training with Expanding Security gives the best training and support. Get a free live class invite weekly. Best program, best price. www.ExpandingSecurity.com/PainPillReceived on Wed Feb 15 2012 - 01:40:13 PST
This archive was generated by hypermail 2.2.0 : Wed Feb 15 2012 - 01:42:10 PST