Skip to main content

Cryptanalysts Find Flaw in Online Encryption System

A new research carried by a U.S. and European cryptanalysts claims that most commonly used online encryption method is, after all, not that much secured as it is usually assumed to be.

The study was conducted by the researches who reviewed a massive number of public keys that are utilised by various websites for encrypting online transactions. This review revealed in small yet significant number of cases, the random number generation algorithm which is utilised to create the public keys, failed to work correctly.

Based on the research carried out on 7.1 million public keys and through the use of Euclidean algorithm, which is an efficient way to find the greatest common divisor of two integers they were able to derive evidence that a small percentage of the numbers (used for creating public keys) were not random which would enable crafty hackers to determine the underlying numbers themselves or secret keys.

A senior technologist at the Electronic Frontier Foundation, Peter Eckersley, stated that, "This is an extremely serious cryptographic vulnerability caused by the use of insufficiently good random numbers when generating private keys" for SSL, HTTPS and also TSL servers, reported CIO.

The team of researchers came across 27000 different keys that didn't any security whatsoever.

[Source: The New York Times]