An astonishing four out of every 1,000 public keys protecting webmail, online banking, and other sensitive online services provide no cryptographic security, a team of mathematicians has found. The research is the latest to reveal limitations in the tech used by more than a million Internet sites to prevent eavesdropping.
Which is bad – collisions are supposed to be rare, or else it’s much easier to guess the key.
“Our only conclusion is that there is not just one cause for all of these problems,” Hughes said. “This leads to our conclusion that unless you can totally trust your random number generator, RSA is not a good algorithm to choose.”
I thought computer RNGs couldn’t be trusted to be random.