Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

1

Researchers Detail Flaw in Online Cryptography

Started by V.T. Eric Layton , Feb 16 2012 12:48 PM

Please log in to reply

3 replies to this topic

#1 OFFLINE V.T. Eric Layton

Nocturnal Slacker

Forum Admins
14,834 posts

Posted 16 February 2012 - 12:48 PM

A team of Internet security researchers says a small number of public encryption keys offer "no security at all"

By Evan Applegate

from Business Week:

First, the bad news: A small number of active RSA public encryption keys, a popular type of encryption protocol that secures billions of online transactions, offer “no security at all.”

read more --> http://www.businessweek.com/technology/res...c-02162012.html

Posted Image

Back to top

#2 OFFLINE securitybreach

CLI Phreak

Forum Admins
12,841 posts

Posted 16 February 2012 - 03:10 PM

Interesting, thanks

π ∞
Comhack.com/CNI Radio/Linux User #363317/G+/Configs

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

Back to top

#3 OFFLINE ross549

I live here.

Forum Admins
7,619 posts

Posted 16 February 2012 - 03:32 PM

http://twit.tv/show/security-now/340

Leo and Steve Gibson discuss this in their latest episode of Security Now. This is certainly an issue that needs to be fixed, but is certainly not something that is really deployable as a threat today. Essentially this works only if you have a public key and a private kay that have one of their factors that is the same. In short, this is a highly limited number, and the attacker would have to know who you are, what system you are connecting to, and that systems key.

Not really practical to deploy at this point.

Adam

I don't suffer from insanity, I enjoy it.

Back to top

#4 OFFLINE securitybreach

CLI Phreak

Forum Admins
12,841 posts

Posted 16 February 2012 - 04:47 PM

QUOTE (ross549 @ Feb 16 2012, 01:32 PM) <{POST_SNAPBACK}>

http://twit.tv/show/security-now/340

Leo and Steve Gibson discuss this in their latest episode of Security Now. This is certainly an issue that needs to be fixed, but is certainly not something that is really deployable as a threat today. Essentially this works only if you have a public key and a private kay that have one of their factors that is the same. In short, this is a highly limited number, and the attacker would have to know who you are, what system you are connecting to, and that systems key.

Not really practical to deploy at this point.

Adam

Thanks

π ∞
Comhack.com/CNI Radio/Linux User #363317/G+/Configs

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

Back to top

Back to Security & Networking

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users