Public Key Used To Secure HTTPS Fails 'Sanity Check'

Researchers find two out of every 1,000 public keys can be easily cracked

Dark Reading Staff, Dark Reading

February 15, 2012


The current public key infrastructure used to secure HTTPS has security shortcomings that, in some cases, could be exploited by attackers to steal data and attack servers.

That finding comes from a paper due to be presented at the Crypto 2012 conference in August in Santa Barbara, Calif. The paper was written by a team of European and American mathematicians and cryptographers, led by Dutch mathematician Arjen K. Lenstra at the École Polytechnique Fédérale de Lausanne (EPFL) in Switzerland. The researchers published their paper early, given the severity of the vulnerabilities they discovered.

"We performed a sanity check of public keys collected on the Web," wrote the researchers in their report. "Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended."
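As an added illustration (not code from the article or from the researchers' paper), this Python example runs the same kind of sanity check over an inventory of your own public keys. It assumes the keys are RSA, where a repeated random choice shows up either as two keys with an identical modulus or as two different moduli that share a prime factor. The host labels and toy-sized moduli are constructed for the example.

```python
from itertools import combinations
from math import gcd

# Constructed sample inventory: label -> RSA modulus. Real moduli are
# 1024 bits or more; these toy values only make the arithmetic visible.
SAMPLE = {
    "host-a": 101 * 103,   # shares the prime 101 with host-c
    "host-b": 101 * 103,   # identical modulus to host-a
    "host-c": 101 * 107,
    "host-d": 109 * 113,   # independent primes, nothing in common
}


def audit_moduli(inventory):
    """Return (duplicates, shared) for a dict of label -> modulus.

    duplicates: groups of labels that use exactly the same modulus
    shared:     pairs of labels whose distinct moduli have a common factor
    """
    by_modulus = {}
    for label, n in inventory.items():
        by_modulus.setdefault(n, []).append(label)

    duplicates = sorted(
        sorted(labels) for labels in by_modulus.values() if len(labels) > 1
    )

    # Compare each distinct modulus once. A gcd other than 1 means the two
    # keys were generated from a common prime, so both must be replaced.
    shared = []
    for (n1, l1), (n2, l2) in combinations(sorted(by_modulus.items()), 2):
        if gcd(n1, n2) != 1:
            shared.append((min(l1), min(l2)))
    return duplicates, shared


def keys_to_replace(inventory):
    """Every label involved in a duplicate or shared-factor finding."""
    duplicates, shared = audit_moduli(inventory)
    flagged = {label for group in duplicates for label in group}
    flagged.update(label for pair in shared for label in pair)
    return sorted(flagged)


if __name__ == "__main__":
    print(audit_moduli(SAMPLE))
    print("regenerate:", keys_to_replace(SAMPLE))
```

Any key the audit flags should be regenerated on a system with a properly seeded random number generator, and its certificate reissued.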
