Public Key Encryption: New Research Raises Red Flags
Businesses that perform financial transactions online would do well to pay close attention to new research that has emerged about one of the most common encryption techniques used to protect such transactions. Literally thousands of U.S.-based businesses use the technique, which is commonly known as public key encryption. In use for more than 25 years, the technique is generally believed to be very secure, but new information arising from recent research may challenge that classification.
Researchers were attempting to test the assumption that underlies public key encryption: the idea that each time a new key is generated, it is based on random choices that truly differ from one another. Their findings are paradoxically reassuring and alarming all at once. It turns out that 998 out of every thousand keys generated are indeed truly random. This is a success rate of 99.8 percent; common sense would dictate that an error rate of only .02% is adequate.
The problem, however, is that when that .02% is multiplied by the billions of transactions that take place online every day, it represents a large number of financial exchanges that may not be as secure as previously believed. The researchers did advise caution in interpreting their results, since their work has yet to be validated through a peer-review process. In addition, no breach has yet occurred as a result of the issue flagged in the study.
Still, businesses that use online transactions would be well advised to consider discussing their encryption methods with an IT consulting firm so that a consultant can more fully explain the ramifications of the research group's findings.