News Burst: Major security flaw in PGP

Summary:Key escrow makes software more complicated, which means more things can go wrong

A security flaw has been discovered in the latest versions of the PGP (Pretty Good Privacy) email encryption software. The flaw, reported by a German researcher Thursday, allows encrypted mail to be read by unauthorised third parties.

The problem reportedly arose from the inclusion of a key escrow feature added to PGP by Network Associates.

To decode an email encrypted by PGP users are required to employ the private key of the intended recipient. It appears that Additional Decryption Keys (ADK), which were added to allow a third party such as the Government to also decrypt PGP emails, are not secure.

Full story to follow.

They can see you... Read about how and why in Surveillance, a ZDNet News Special

What do you think? Tell the Mailroom. And read what others have said.

Topics: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.