Flaws Found in Internet Codes
Friday, February 17th, 2012Feb. 17, 2012
A small number of secure online communications–including private e-mails, credit card purchases, and bank transfers–rely on a fundamentally flawed method of encryption (encoding), according to a team of American and European mathematicians and cryptographers. Encryption ensures that a message cannot be read by anyone except the sender and the recipient. In doing so, encryption prevents wrongdoers from intercepting bank account numbers, credit card numbers, medical records, or other personal data during transactions. The flaw may only affect a small number of communications and few, if any, popular websites. However, the researchers’ findings could shake confidence in Web security.
A properly encrypted message looks–to an outside observer–like random gibberish. Decrypting the message changes the gibberish back to the original message. The challenge of cryptography involves generating a code that actually looks like random gibberish–or to put it another way, a code that has no recognizable patterns that a computer could easily find. Modern computers are extremely good at finding patterns in numbers–and thus, at decoding secret messages.
Websites typically encrypt communications with a mathematical formula that uses very large prime numbers. A prime number is a whole number that cannot be divided without a remainder by any whole number except itself and 1. Examples of prime numbers include 2, 3, and 5. Such numbers are useful in encryption because they are randomly distributed among other numbers and because it takes a huge amount of computing power to find large prime numbers in the first place. Websites use a formula involving prime numbers to generate random-looking “public keys.” The public keys allow the recipients of secret messages to decode them. Just as a house key is useless unless you know the address of the door it opens, a public key is useless unless you know the specific message it “unlocks.”
The researchers discovered that the calculations involving prime numbers for a small number of public keys “overlapped.” That is, computers were able to tease out patterns in communications that were supposed to be random. These patterns enabled them to decode a small percentage of supposedly encrypted communications.
Additional World Book articles:
- Computer (Computer security)
- Codes and cyphers
- Hackers, Criminals, and Terrorists (A Special Report)
- Information theory