“Security experts have confirmed that the most widely used
program for sending encrypted e-mail messages has an obscure
vulnerability that could allow a determined intruder to obtain
secret codes, as two Czech cryptologists announced on Tuesday.”
“But some experts differ sharply with the cryptologists on
the practical importance of the vulnerability, which is now
believed to have existed in the program since it was invented a
decade ago. The program — called P.G.P., for Pretty Good Privacy
— is used by millions of people around the world.“
“The cryptologists, Dr. Vlastimil Klima and Tomas Rosa of ICZ,
an information technology company in Prague, said the flaw could
allow an intruder to forge the “digital signature” that senders of
encrypted e- mail use to identify themselves in secret
communications or financial transactions.” Mark McArdle, vice
president for P.G.P. engineering at Network Associates in Santa
Clara, Calif., which licenses the program to corporate,
organizational and individual users, agreed that Dr. Klima and Mr.
Rosa were correct. But Mr. McArdle said their technique was
impractical, since it required access to digital files that should
exist only on the sender’s computer or on a secure floppy disk.
Complete
Story [ Free registration required. ]