Loading 3 Votes - +

Key Generation Weakness


RSA’s public key algorithms (pdf) pretty much runs the Internet’s security and is found everywhere from SSL to SSH. The strength of the system relies upon the computational improbability of an attacker being able to factor down to two large primes. Consumer grade devices, unfortunately, lack the appropriate levels of entropy from which to seed random number generation resulting in number duplication. In a brute force study where researchers scraped literally every public IP on the Internet to grab all discoverable public keys whereupon they “manually verified that 59,000 duplicate keys were repeated due to entropy problems, representing 1% of all certificates, or 2.6% of self-signed certificates” and “also found that 585,000 certificates, or 4.6% of all devices used the default certificates pre-installed on embedded devices.” The full study itself (pdf) goes into mathematical detail on their process for analyzing weak key generation sequences and factoring predictable sequences to derive private keys.

Similarly tagged OmniNerd content:

Share & Socialize

What is OmniNerd?

Omninerd_icon Welcome! OmniNerd's content is generated by nerds like you. Learn more.

Voting Booth

The "everybody can code" movement is?

6 votes, 3 comments