I don't have a link to this paper (yet), but it pretty much confirms what I already knew...
I'd like to add more sources of entropy to cerowrt ASAP. They didn't look at WPA, it seems, either.

---------- Forwarded message ----------
From: Jim Gettys <[email protected]>
Date: Mon, Dec 3, 2012 at 2:31 PM
Subject: Re: TALK:Monday 12-3-12 Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
To: Dave Taht <[email protected]>

On Mon, Dec 3, 2012 at 12:01 AM, Csail Event Calendar <[email protected]> wrote:
>
>
> CSAIL Security Seminar 2012/2013
> Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
> Speaker: Nadia Heninger
> Speaker Affiliation: Microsoft Research, New England
>
> Date: 12-3-2012
> Time: 4:00 PM - 5:00 PM
> Refreshments: 4:00 PM
> Location: Stata, G575
>
> Abstract: RSA and DSA can fail catastrophically when used with malfunctioning
> random number generators, but the extent to which these problems arise in
> practice has never been comprehensively studied at Internet scale.
>
> We perform the largest ever network survey of TLS and SSH servers and
> present evidence that vulnerable keys are surprisingly widespread. We
> find that 0.75% of TLS certificates share keys due to insufficient
> entropy during key generation, and we suspect that another 1.70% come
> from the same faulty implementations and may be susceptible to
> compromise. Even more alarmingly, we are able to obtain RSA private
> keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their
> public keys shared nontrivial common factors due to entropy problems,
> and DSA private keys for 1.03% of SSH hosts, because of insufficient
> signature randomness. We cluster and investigate the vulnerable hosts,
> finding that the vast majority appear to be headless or embedded devices. In
> experiments with three software components commonly used by these devices, we
> are able to reproduce the vulnerabilities and identify specific software
> behaviors that induce them, including a boot-time entropy hole in the Linux
> random number generator. Finally, we suggest defenses and draw lessons for
> developers, users, and the
> security community.
>
> Joint work with Zakir Durumeric, Eric Wustrow, and J. Alex Halderman.
>
>
> Bio: Nadia Heninger is a postdoctoral visiting researcher at Microsoft
> Research New England. Last year she was an NSF mathematical sciences
> postdoctoral fellow at UC San Diego. She finished her PhD in 2011 at
> Princeton.
>
> Relevant URL(S):
> For more information please contact: Raluca Ada Popa, [email protected]
>
> _______________________________________________
> Seminars mailing list
> [email protected]
> https://lists.csail.mit.edu/mailman/listinfo/seminars
>
>

--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

_______________________________________________
Cerowrt-devel mailing list
[email protected]
https://lists.bufferbloat.net/listinfo/cerowrt-devel
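The shared-factor condition the abstract describes ("public keys shared nontrivial common factors due to entropy problems") is something an operator can check over their own collected RSA public moduli. The following is an added example, not code from the announcement, the paper or cerowrt: a product/remainder-tree batch GCD that flags a modulus as factored when it shares exactly one prime with another key, or as a shared key when the whole modulus recurs. The moduli are constructed toy-sized values (primes just above 10**6), not keys from the survey.

```python
from math import gcd

def product_tree(values):
    """Levels of a product tree over the moduli; level 0 holds the leaves."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([cur[i] * cur[i + 1] if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def batch_gcd(moduli):
    """gcd(N_i, product of all other moduli) for every i, via a remainder tree,
    so a large key set needs one big product rather than all pairwise gcds."""
    levels = product_tree(moduli)
    remainders = [levels[-1][0]]  # root: product Z of all moduli
    for level in reversed(levels[:-1]):
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    # At a leaf, (Z mod N^2) // N == (Z // N) mod N, so this is gcd(N, Z // N).
    return [gcd(r // n, n) for r, n in zip(remainders, moduli)]

def audit(moduli):
    """'ok', 'shared-key' (whole modulus recurs, or both primes recur elsewhere),
    or ('factored', p, q) when one prime is shared: that key is recoverable."""
    report = []
    for n, g in zip(moduli, batch_gcd(moduli)):
        if g == 1:
            report.append("ok")
        elif g == n:
            report.append("shared-key")
        else:
            report.append(("factored", min(g, n // g), max(g, n // g)))
    return report

# Constructed sample (toy primes just above 10**6, not survey data): A and B
# model an entropy-starved boot-time RNG handing both devices the same first
# prime; E models a wholesale duplicate of C's key.
SAMPLE_MODULI = [
    1000003 * 1000033,  # A
    1000003 * 1000037,  # B: shares a prime with A
    1000039 * 1000081,  # C: healthy, but duplicated by E
    1000099 * 1000117,  # D: healthy
    1000039 * 1000081,  # E: identical to C
]

if __name__ == "__main__":
    for n, verdict in zip(SAMPLE_MODULI, audit(SAMPLE_MODULI)):
        print(n, verdict)
```

A "shared-key" verdict matches the abstract's 0.75% duplicate-key class and needs no factoring; a "factored" verdict means the key must be replaced, and on an embedded device that usually means fixing the entropy source before regenerating it.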
