A TEAM OF European and American mathematicians and cryptographers have discovered an unexpected weakness in the encryption system widely used worldwide for online shopping, banking, email and other Internet services intended to remain private and secure.
The flaw – which involves a small but measurable number of cases – has to do with the way the system generates random numbers, which are used to make it practically impossible for an attacker to unscramble digital messages. While it can affect the transactions of individual Internet users, there is nothing an individual can do about it. The operators of large websites will need to make changes to ensure the security of their systems, the researchers said.
The importance of ensuring that encryption systems do not have undetected flaws cannot be overstated. The world’s online commerce system rests entirely on the secrecy afforded by the public key cryptographic infrastructure.
The researchers described their work in a paper that will be presented at a cryptography conference to be held in California in August, but made their findings public this week because they believe the issue is of immediate concern to the operators of Web servers that rely on the public key cryptography system.
“This comes as an unwelcome warning that underscores the difficulty of key generation in the real world,” said James Hughes, an independent Silicon Valley cryptanalyst who worked with a group of researchers led by Arjen K. Lenstra, a widely respected Dutch mathematician who is a professor at the Ecole Polytechnique Federale de Lausanne in Switzerland. “Some people may say that 99.8 per cent security is fine,” he added.
(New York Times service)