Researchers Crack Online Encryption System
By Jaikumar Vijayan, ComputerWorld via InfoWorld
February 15, 2012
An online encryption method widely used to protect banking, email, e-commerce and other sensitive Internet transactions is not as secure as assumed, according to a report issued by a team of U.S. and European cryptanalysts.
The researchers reviewed millions of public keys used by websites to encrypt online transactions, and found a small but significant number to be vulnerable to compromise.
In most cases, the problem had to do with the manner in which the keys were generated, according to the researchers. The numbers associated with the keys were not always as random as needed, the research showed.
Therefore, the team concluded, attackers could use public keys to guess the corresponding private keys that are used to decrypt data — a scenario that was previously believed to be impossible.