Researchers Find Flaw in an Online Encryption Method: A team of European and American mathematicians and cryptographers have discovered an unexpected weakness in the encryption system widely used worldwide for online shopping, banking, e-mail and other Internet services intended to remain private and secure. (via NYTimes.com.)
The crux of it is this: a very small number of PGP keys may not be secure because the random numbers used in the key generation process were not truly random. It would be possible to replicate the researchers’ process to determine if your key was insecure, but the truth is that there is going to have to be a fix for this, and then everyone will have to create new keys.
Until that happens, take your privacy/encryption with a grain of salt.
Update: Questions are being raised about the researchers’ findings, and whether they reflect a fundamental problem or some flawed implementations. Since the research seemed to crack keys generated by different implementations, if their findings are correct then the flaw is widespread, regardless – I think…
Researchers Allege Defect in RSA Public Keys, Findings Questioned.





