News > Technology
    SAVE   |   EMAIL   |   PRINT   |   RSS  
Internet security takes a hit
Report says computer-code experts concerned after flaw discovered in popular encryption technique.
March 15, 2005: 9:14 AM EST

NEW YORK (CNN/Money) - The discovery of a crack in a commonly used Internet encryption technique raised concerns among government agencies and computer-code experts, according to a report by The Wall Street Journal.

"Our heads have been spun around," Jon Callas, chief technology officer at encryption supplier PGP Corp., told the newspaper.

The technique, called a "hash function," has been commonly used by Web site operators to scramble online transmissions containing credit-card information, Social Security numbers and other personal information.

Hash functions were thought to be impenetrable, but a team of researchers in China found that this encryption method was not as resistant to hackers than previously thought, according to the report.

The Chinese researchers "haven't caused panic yet," Avi Rubin, a computer-security expert at Johns Hopkins University, told the newspaper. But "it's definitely a wake-up call."

The discovery calls into question the credibility of the popular encryption method, despite what are believed to be remote chances of abuse.

The method, involving an algorithm, generates digital fingerprints, or "hashes," by performing an equation on a piece of information, switching the order of some bits, cutting down the result to a fixed length and resulting in a fingerprint.  Top of page


Computer Security
Manage alerts | What is this?