Wednesday, February 15, 2012

Online security weakness found

An NYT article discusses a problem with online security involving random number generation:
    For the system to provide security, however, it is essential that the secret prime numbers be generated randomly. The researchers discovered that in a small but significant number of cases, the random number generation system failed to work correctly.

    The importance in ensuring that encryption systems do not have undetected flaws cannot be overstated. The modern world’s online commerce system rests entirely on the secrecy afforded by the public key cryptographic infrastructure.
I think most hackers would tell us that getting around encryption is not terribly difficult in the first place. Secure browsing is often described as sitting in a cardboard house, then loading valuables into an armored car and transporting them to another cardboard house, then unloading them.

No comments: