Researchers find flaw in RSA public key cryptography

A group of researchers has uncovered a flaw in the way public keys are generated using the RSA algorithm for encrypting sensitive online communications and transactions.

They found that a small fraction of public keys (27,000 out of a sample of about 7 million) had not been randomly generated as they should be. This means it would be possible for someone to figure out the secret prime numbers that were used to create the public key.

The research was led by James P. Hughes, an independent cryptology expert based in California, and Arjen K. Lenstra, a Dutch mathematician who teaches in Lausanne, Switzerland. They found that the vast majority of public keys work as intended, but even a small number of improper public keys casts a shadow on a cryptography algorithm.

The public keys in question have been removed from a publicly accessible database to prevent someone from exploiting the weakness. The researchers note that it is not known whether anyone else has stumbled upon the weakness, though that is a possibility.

The original news can be found on the CNET website.
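The following is an added example, not code from the researchers or the original article: a defender-side audit that checks an inventory of RSA moduli for the symptoms poorly randomized key generation can leave behind. It assumes the weakness shows up as identical moduli or as distinct moduli sharing a prime factor (the article does not spell out the mechanism); the function names, host labels and toy moduli are constructed for illustration.

```python
from itertools import combinations
from math import gcd


def audit_moduli(moduli):
    """Compare every pair of (label, n) RSA moduli in an inventory.

    Returns a list of (kind, label_a, label_b) findings where kind is
    "duplicate" (the same modulus in use twice) or "shared-factor"
    (different moduli with a common divisor greater than 1).
    Properly random keys should produce no findings at all.
    """
    findings = []
    for (label_a, n_a), (label_b, n_b) in combinations(moduli, 2):
        if n_a == n_b:
            findings.append(("duplicate", label_a, label_b))
        elif gcd(n_a, n_b) > 1:
            findings.append(("shared-factor", label_a, label_b))
    return findings


def affected_labels(findings):
    """Labels of every key that must be regenerated and its certificate revoked."""
    return sorted({label for _, a, b in findings for label in (a, b)})


# Constructed toy inventory: products of small primes stand in for real
# 1024/2048-bit moduli so the example runs instantly.
INVENTORY = [
    ("host-a", 10007 * 10009),
    ("host-b", 10007 * 10037),  # reuses the prime 10007 from host-a
    ("host-c", 10039 * 10061),
    ("host-d", 10067 * 10069),  # independent key, should not be flagged
    ("host-e", 10039 * 10061),  # same modulus as host-c
]

if __name__ == "__main__":
    results = audit_moduli(INVENTORY)
    for kind, a, b in results:
        print(f"{kind}: {a} <-> {b}")
    print("rotate keys for:", ", ".join(affected_labels(results)))
```

The pairwise comparison is quadratic in the number of keys, which is fine for a fleet inventory; a sample of millions of keys calls for a batch GCD built on product trees instead.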