ALERT: Online Encryption Method Found to be Flawed

February 15, 2012
[ by Melanie Gretchen ]

An encryption system used worldwide for banking, e-mail, online shopping and other Internet services has flaws, a team of European and American researchers report. The unexpected weakness has produced a small but significant number of cases in which the encryption employing random number generation failed to work.

How the System Works

A system user first creates and publishes the product of 2 large prime numbers, in addition to another number, to generate a public number that serves as a "key." For the system to provide security, the original numbers are kept secret. To encrypt a message, a second person employs a formula that contains the public number. The system was set up so that only someone with knowledge of the original prime numbers can decode that message.

System Breach

In a report submitted for publication, the researchers noted that they had examined 7.1 million public keys used to secure e-mail messages, online banking transactions and other secure data exchanges. From that population, they “stumbled upon” almost 27,000 different keys that offer no security, i.e., “Their secret keys are accessible to anyone who takes the trouble to redo our work." For the system to provide security, it is essential that the secret prime numbers be generated randomly, and that failed to happen in a small but significant number of cases.

Even though the flaw affected a relatively small percentage of users and transactions, researchers said it cannot be overstated how important it is to ensure that encryption systems do not have undetected flaws. The modern world’s online commerce system rests entirely on the secrecy afforded by the public key cryptographic infrastructure.

Potential Danger, Corrective Steps Needed

Knowing that such a flaw can exist will reduce overall confidence in the security of Web transactions, regardless of the number of users who were affected.

The flaws can affect the transactions of any individual Internet user, yet there is nothing an individual can do about it. Operators of large Web sites will need to make changes to ensure the security of their systems, the researchers said. For those whose information has already been breached, we commiserate - simply chalk it up to the cost of progress in the 21st century. For more details, go to [NYTimes, 2/15/12].
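
For site operators, one concrete form of the corrective step is to audit their own key inventory for the symptom of non-random prime generation. The following is an added example, not code from the article or from the researchers. It assumes, which the article does not spell out, that the failure shows up as two public numbers that are identical or that reuse one of their secret primes; the host names and key values are constructed.

```python
from itertools import combinations
from math import gcd

# Constructed sample inventory. Known Mersenne primes stand in for the
# randomly generated secret primes of real keys (assumption for the demo).
P1, P2, P3, P4, P5 = (2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1, 2**521 - 1)
SAMPLE_MODULI = {
    "mail.example": P1 * P2,
    "bank.example": P3 * P4,
    "shop.example": P1 * P5,  # reuses P1: the generator repeated a prime
    "vpn.example": P3 * P4,   # same public number as bank.example
}


def audit_moduli(moduli):
    """Compare every pair of public numbers in an inventory.

    Returns (duplicates, shared): lists of key-name pairs whose public
    numbers are identical, or differ but have a common prime factor.
    Either finding means the keys must be regenerated on a system with
    a properly seeded random number generator.
    """
    duplicates, shared = [], []
    for (name_a, n_a), (name_b, n_b) in combinations(sorted(moduli.items()), 2):
        if n_a == n_b:
            duplicates.append((name_a, name_b))
        elif gcd(n_a, n_b) > 1:
            # Two independently random primes of this size should never
            # coincide, so any common factor signals weak randomness.
            shared.append((name_a, name_b))
    return duplicates, shared


if __name__ == "__main__":
    dup, weak = audit_moduli(SAMPLE_MODULI)
    for pair in dup:
        print("identical public number:", pair)
    for pair in weak:
        print("shared secret prime:", pair)
```

The pairwise comparison is quadratic in the number of keys, which is fine for a single organization's inventory.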