Some coders don’t seem to have grasped the nature of public-private key encryption, publicly posting private keys on the hugely popular GitHub open source website.
Public key infrastructure (PKI), or asymmetric encryption, sees one person keep a private key, which they should never give away if they want to keep their messages secret. A public key is made available to those people who the private key owner is happy to speak to. The private key can unlock all messages sent using the encryption method, so it’s pretty important that the key is kept safe.
The problems came to light after Stackoverflow co-founder Jeff Atwood posted a link to a search which brought up cases where PKI, purportedly secure communications were set up on GitHub, and where private keys were mistakenly revealed rather than the public one.
Sophos, a UK security firm keeping an eye on the situation, noted how many software programs actually tell users which keys are public and which are private, so mistakes such as these should not be made.
“For all the software you’re likely to use, such as OpenSSH, OpenSSL and GPG, private keys are labelled with the text PRIVATE KEY,” wrote Sophos’ Paul Ducklin, in a blog post.
“And that’s the one you’re supposed to keep private!”
Meanwhile, the GitHub search function remains down. “The search cluster has recovered, but we are keeping it offline while we perform some additional maintenance,” a message on the GitHub status page read.
How well do you know Internet security? Try our quiz and find out!
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…