News Burst: Major security flaw in PGP

Key escrow makes software more complicated, which means more things can go wrong

A security flaw has been discovered in the latest versions of the PGP (Pretty Good Privacy) email encryption software. The flaw, reported by a German researcher on Thursday, allows encrypted mail to be read by unauthorised third parties.

The problem reportedly arose from the inclusion of a key escrow feature added to PGP by Network Associates.

To decode an email encrypted by PGP, users are required to employ the private key of the intended recipient. It appears that Additional Decryption Keys (ADK), which were added to allow a third party such as the Government to also decrypt PGP emails, are not secure.

Full story to follow.
