
Interesting paper

Jan Panteltje

Feb 16, 2012, 5:22:27 AM

Interesting paper:
Ron was wrong, Whit is right:
http://eprint.iacr.org/2012/064.pdf

Quote for those who cannot decrypt pdf:

Compared to the collection of certificates considered in [12], where shared RSA moduli are
"not very frequent", we found a much higher fraction of duplicates. More worrisome is that
among the 4.7 million distinct 1024-bit RSA moduli that we had originally collected, more
than 12500 have a single prime factor in common. That this happens may be crypto-folklore,
but it was new to us, and it does not seem to be a disappearing trend: in our current
collection of 7.1 million 1024-bit RSA moduli, almost 27000 are vulnerable and 2048-bit RSA
moduli are affected as well. When exploited, it could affect the expectation of security that
the public key infrastructure is intended to achieve.
<end quote>

Article in German about it:
http://www.heise.de/newsticker/meldung/RSA-Schluessel-nicht-so-zufaellig-wie-wuenschenswert-1435304.html

tom st denis

Feb 16, 2012, 8:54:58 AM
>  http://www.heise.de/newsticker/meldung/RSA-Schluessel-nicht-so-zufael...

This was passed around sci.crypt earlier. This is less about RSA
being impractical and more about where RSA tends to get used vs. DH I
think.

From a properly seeded CSPRNG I don't see how RSA could be "this"
insecure.

Tom

Mark F

Feb 16, 2012, 8:59:21 AM
On Thu, 16 Feb 2012 10:22:27 GMT, Jan Panteltje
<pNaonSt...@yahoo.com> wrote:

>
> Interesting paper:
> Ron was wrong, Whit is right:
> http://eprint.iacr.org/2012/064.pdf
>
> Quote for those who cannot decrypt pdf:
>
> Compared to the collection of certificates considered in [12], where shared RSA moduli are
> "not very frequent", we found a much higher fraction of duplicates. More worrisome is that
> among the 4.7 million distinct 1024-bit RSA moduli that we had originally collected, more
> than 12500 have a single prime factor in common. That this happens may be crypto-folklore,
> but it was new to us, and it does not seem to be a disappearing trend: in our current
> collection of 7.1 million 1024-bit RSA moduli, almost 27000 are vulnerable and 2048-bit RSA
> moduli are affected as well. When exploited, it could affect the expectation of security that
> the public key infrastructure is intended to achieve.
> <end quote>

Working forward, one can assume that the low level government agent
that wants your private key will still have the easy access to
the databases of public keys that have now been removed from public
access.

Therefore one should never reveal a private key to such an agent or
agency since you might inadvertently compromise an important (to the
government) private key that the agent or agency in question is not
cleared to have access to.

Marcus

Feb 16, 2012, 9:41:33 AM
On 16/02/2012 13:54, tom st denis wrote:
> On Feb 16, 5:22 am, Jan Panteltje <pNaonStpealm...@yahoo.com> wrote:
>> Interesting paper:
>> Ron was wrong, Whit is right:
>> http://eprint.iacr.org/2012/064.pdf
>>
Tom St Denis wrote:


> From a properly seeded CSPRNG I don't see how RSA could be "this"
> insecure.
>

If we assume that everyone uses properly seeded CSPRNGs, the chances of
RSA being "this" insecure are vanishingly small.

Therefore we can reject this assumption and infer that people are not
using properly seeded CSPRNGs.

Marcus
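
The condition the quoted abstract reports (distinct moduli with a single prime factor in common, which the replies attribute to badly seeded CSPRNGs) can be checked for in a key inventory you operate. The sketch below is an added example, not part of the thread or the paper: it uses the well-known product-tree/remainder-tree batch GCD, and the function name, finding labels and toy moduli are constructed for illustration.

```python
from math import gcd, prod

def audit_shared_factors(moduli):
    """Batch GCD: map index -> finding for each modulus that has a factor
    in common with some other modulus in the list."""
    if len(moduli) < 2:
        return {}
    # Product tree: level 0 holds the moduli, the top level their product P.
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    # Remainder tree: carry P mod n^2 from each node down to its children.
    rems = tree.pop()
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    findings = {}
    for i, (n, r) in enumerate(zip(moduli, rems)):
        g = gcd(n, r // n)  # equals gcd(n, product of all the other moduli)
        if g == n:
            # Same modulus issued twice, or each prime reused by another key.
            findings[i] = "fully-shared"
        elif g != 1:
            findings[i] = "shares-prime"
    return findings

# Constructed toy inventory (tiny primes, illustration only).
SAMPLE_MODULI = [
    1009 * 1013,  # 0: shares 1009 with entry 2
    1019 * 1021,  # 1: same modulus as entry 4
    1009 * 1031,  # 2: shares 1009 with entry 0
    1033 * 1039,  # 3: no factor in common with the others
    1019 * 1021,  # 4: same modulus as entry 1
]

if __name__ == "__main__":
    for idx, finding in sorted(audit_shared_factors(SAMPLE_MODULI).items()):
        print(f"key {idx}: {finding}, regenerate from a reseeded CSPRNG")
```

Any flagged key should be treated as compromised and regenerated after fixing the entropy source, since a clean result only covers the moduli that were in the list.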
