[LINK] public keys

Stephen Wilson swilson at lockstep.com.au
Thu Feb 16 04:31:05 AEDT 2012

Fascinating in general, but I also picked up this bit of hypocritical 

"What surprised us most is that many thousands of 1024-bit RSA moduli ...
offer no security at all."

Security geeks take lay people (esp. sales & marketing) to task if they 
ever suggest that such and such is prefectly secure.  Nothing is ever 
100% secure.  But equally, very few things are 0% secure, as in the 
phrase "no security at all".


Steve Wilson

On 16/02/2012 12:32 AM, stephen at melbpc.org.au wrote:
>  <http://eprint.iacr.org/2012/064.pdf>
>  Abstract
>  "We performed a sanity check of public keys collected on the web.
>  Our main goal was to test the validity of the assumption that
>  different random choices are made each time keys are generated.
>  We found that the vast majority of public keys work as intended.
>  A more disconcerting finding is that two out of every one thousand
>  RSA moduli that we collected offer no security.
>  Our conclusion is that the validity of the assumption is
>  questionable and that generating keys in the real world for
>  "multiple-secrets" cryptosystems such as RSA is significantly riskier
>  than for "single secret" ones such as ElGamal or (EC)DSA based on
>  Die-Hellman ..."
>  5 Conclusion
>  "We checked the computational properties of millions of public keys
>  that we collected on the web. The majority does not seem to su
>  from obvious weaknesses and can be expected to provide the expected
>  level of security. We found that on the order of 0.003% of public
>  keys is incorrect, which does not seem to be unacceptable.
>  We were surprised, however, by the extent to which public keys are
>  shared among unrelated parties. For ElGamal and DSA sharing is rare,
>  but for RSA the frequency of sharing may be a cause for concern.
>  What surprised us most is that many thousands of 1024-bit RSA
>  moduli, including thousands that are contained in still valid X.509
>  certificates, offer no security at all.
>  This may indicate that proper seeding of random number generators is
>  still a problematic issue (see also Appendix A).." --
>  "Flaw Found in an Online Encryption Method"
>  <http://www.nytimes.com/2012/02/15/technology/researchers-find-flaw
>  -in-an-online-encryption-method.html?_r=1&nl=todaysheadlines&emc=tha26>
>  Stephen _______________________________________________ Link mailing
>  list Link at mailman.anu.edu.au
>  http://mailman.anu.edu.au/mailman/listinfo/link

More information about the Link mailing list