WATCH TV LIVE

Tags: Flaw | online | Encryption | Method

NY Times: Flaw Found in Online Encryption Method

By    |   Thursday, 16 February 2012 02:31 PM EST

Consumers purchasing items online may think that their sensitive data is safe. Unfortunately, a research team found that the commonly used encryption method used to protect online transactions is flawed, reveals an article in The New York Times.

The flaw involving involves a small number but significant number of cases, it is troubling because it could undermine confidence in the world's vital e-commerce system that depends on the encryption.

The defect found by team of American and European mathematicians and cryptographers involves how the encryption system produces random numbers that make it nearly impossible for hackers to unscramble online messages.

For it to work, computer systems create two prime secret numbers, plus another number, to produce a public "key." The secret numbers have to be created randomly, but the researchers discovered that the system sometimes failed to work properly.

Individual consumers cannot do anything to fix stop the flaw, the researchers say, but large web sites will have to change their security systems, according to the Times.

Hackers may have already discovered the flaw, the researchers warn.

"The lack of sophistication of our methods and findings," they state in their report, "make it hard for us to believe that what we have presented is new, in particular to agencies and parties that are known for their curiosity in such matters."

"This is an extremely serious cryptographic vulnerability caused by the use of insufficiently good random numbers when generating private keys" for HTTPS, SSL and TSL servers, says Peter Eckersley, senior technologist at the Electronic Frontier Foundation, which helped the research team, according to Computerworld.

"We are presently working around the clock to inform the parties whose keys are vulnerable."

"The secret keys are accessible to anyone who takes the trouble to redo our work. Assuming access to the public key collection, this is straightforward compared to more traditional ways to retrieve RSA secret keys," the researchers wrote in their report.

© 2025 Newsmax Finance. All rights reserved.


Click Here to comment on this article
Share
320
2012-31-16
Thursday, 16 February 2012 02:31 PM
Newsmax Media, Inc.

Sign up for Newsmax’s Daily Newsletter

Receive breaking news and original analysis - sent right to your inbox.

(Optional for Local News)
Privacy: We never share your email address.
Join the Newsmax Community
Read and Post Comments
Please review Community Guidelines before posting a comment.
 
Newsmax2 Live
 
Listen Channels Schedule fullscreen
On Now:4:00a ET • Woke America
Coming Up:5:00a ET • Systematic Deception
Get Newsmax Text Alerts

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
MONEYNEWS.COM
© 2025 Newsmax Media, Inc.
All Rights Reserved
NEWSMAX.COM
MONEYNEWS.COM
© Newsmax Media, Inc.
All Rights Reserved