New York Times: Experts Differ on How Flaw Will Affect Coded E-MailMar 23, 2001, 17:31 (4 Talkback[s])
(Other stories by James Glanz)
"Security experts have confirmed that the most widely used program for sending encrypted e-mail messages has an obscure vulnerability that could allow a determined intruder to obtain secret codes, as two Czech cryptologists announced on Tuesday."
"But some experts differ sharply with the cryptologists on the practical importance of the vulnerability, which is now believed to have existed in the program since it was invented a decade ago. The program -- called P.G.P., for Pretty Good Privacy -- is used by millions of people around the world."
"The cryptologists, Dr. Vlastimil Klima and Tomas Rosa of ICZ, an information technology company in Prague, said the flaw could allow an intruder to forge the "digital signature" that senders of encrypted e- mail use to identify themselves in secret communications or financial transactions." Mark McArdle, vice president for P.G.P. engineering at Network Associates in Santa Clara, Calif., which licenses the program to corporate, organizational and individual users, agreed that Dr. Klima and Mr. Rosa were correct. But Mr. McArdle said their technique was impractical, since it required access to digital files that should exist only on the sender's computer or on a secure floppy disk.
Complete Story [ Free registration required. ]