A dovetail joint of news, art, science, politics, philosophy & global affairs

“Three cord symphony crashes into space
The moon is hangin' upside down"

"Πάντα ῥεῖ καὶ οὐδὲν μένει"







February 15th
9:15 AM

Crypto shocker: four of every 1,000 public keys provide no security
Dan Goodin | arstechnica »

An astonishing four out of every 1,000 public keys protecting webmail, online banking, and other sensitive online services provide no cryptographic security, a team of mathematicians has found. The research is the latest to reveal limitations in the tech used by more than a million Internet sites to prevent eavesdropping.

The finding, reported in a paper (PDF) to be presented at a cryptography conference in August, is based on the analysis of some 7.1 million 1024-bit RSA keys published online…

The research is the latest to show the limitations of cryptographic systems that websites use to secure communications. In September, researchers unveiled an attack that silently decoded encrypted traffic as it passed between SSL-protected websites and a Web browser. Over the past few years, the much more standard way of defeating SSL has been to compromise one of the 600 or so entities authorized to mint certificates that are trusted by Firefox and other standard browsers. Given the success and ease of that method, the techniques laid out in the research paper would likely not be an attacker’s first choice of exploitation.

It remains unclear exactly what is causing large clusters of keys to use duplicated factors.

image: John Kennerly
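To audit a key inventory for the duplicated-factor weakness the article describes, look for RSA moduli that share a prime with another modulus in the same set. The sketch below is an added example, not code from the article or the research paper: it uses batch GCD (a product tree and a remainder tree) so the check scales beyond pairwise comparison, and the function names and the tiny sample moduli are constructed for illustration.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of pairwise products; the last level holds the product of all values."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels

def shared_factor_audit(moduli):
    """Return {index: common_divisor} for each modulus that shares a factor
    with at least one other modulus in the list (hypothetical helper)."""
    if len(moduli) < 2:
        return {}
    levels = product_tree(moduli)
    rems = levels.pop()                      # [P], the product of every modulus
    while levels:                            # walk back down: P mod node^2
        level = levels.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    findings = {}
    for i, (n, r) in enumerate(zip(moduli, rems)):
        # r = P mod n^2, so r // n = (P / n) mod n: the product of all the
        # other moduli reduced mod n. A gcd above 1 means a shared factor.
        g = gcd(n, r // n)
        if g > 1:
            findings[i] = g                  # g == n: exact duplicate modulus
    return findings

# Constructed sample inventory (toy sizes; real moduli are 1024+ bits).
SAMPLE_MODULI = [
    101 * 103,   # index 0: shares the prime 101 with index 2
    107 * 109,   # index 1: unique primes
    101 * 113,   # index 2: shares the prime 101 with index 0
    127 * 131,   # index 3: unique primes
    137 * 139,   # index 4: unique primes
]

if __name__ == "__main__":
    for idx, factor in shared_factor_audit(SAMPLE_MODULI).items():
        print(f"modulus #{idx} ({SAMPLE_MODULI[idx]}) shares factor {factor}: reissue key")
```

Any modulus flagged here should be treated as compromised and its key pair regenerated, since a shared prime lets anyone holding both public keys factor each of them.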
