The current public key infrastructure used to secure HTTPS has security shortcomings that--in some cases--could be exploited by attackers to steal data and attack servers.
That finding comes from a paper due to be presented at the Crypto 2012 conference in August in Santa Barbara, Calif. The paper was written by a team of European and American mathematicians and cryptographers, led by Dutch mathematician Arjen K. Lenstra at the Ecole Polytechnique Federale de Lausanne (EPFL) in Switzerland. The researchers published their paper early, given the severity of the vulnerabilities they discovered.
"We performed a sanity check of public keys collected on the Web," wrote the researchers in their report. "Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended."
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.