Public Encryption Methods May Have A Fatal Flaw

Researchers have uncovered a weakness in the encryption used by banks and email systems that could potentially leave some accounts wide open. Before you go stuffing all those precious emails in a sock underneath your bed, it's still a relatively rare case, according to the research paper. The New York Times reports on the research, which has to do with the random numbers that public key encryption uses to generate the two large prime numbers whose product forms a key. The researchers examined public databases of more than 7.1 million public keys, and more or less stumbled upon almost 27,000 of them that would offer no security if a third party took the same decryption steps the researchers did.

27,000 out of 7.1 million is still quite a small percentage, but it's a chink in this type of encryption's armour, and perhaps more worryingly, a chink in its perception of infallibility.

The researchers apparently were stymied as to whether they should reveal the defect, until they realised that if they could stumble upon it innocently, other, more nefarious parties could do so as well. [New York Times]