On Mon, Nov 28, 2011 at 04:57:03PM +1300, Peter Gutmann wrote:
> Marsh Ray <[email protected]> writes:
> 
> >* Here's an example of RSA-512 certificates being factored and used to sign
> >malware:
> >http://blog.fox-it.com/2011/11/21/rsa-512-certificates-abused-in-the-wild/
> 
> That's an example of *claims* of 512-bit keys being factored, with the
> thinking being "everyone knows 512-bit keys are weak, the certs used 512-bit
> keys, therefore they must have got them by factoring".  Unfortunately this
> doesn't explain how they go the 1024-bit and longer keys that were also used
> in the attack.

Here are some examples of 512-bit RSA keys factored:

http://en.wikipedia.org/wiki/Texas_Instruments_signing_key_controversy
http://www.schneier.com/blog/archives/2009/09/texas_instrumen.html
http://www.ticalc.org/archives/news/articles/14/145/145154.html

http://www.ticalc.org/archives/news/articles/14/145/145273.html

http://www.elcomsoft.com/news/127.html
http://www.prweb.com/releases/quicken/backdoor/prweb534367.htm

As far as I'm aware, these are real (not just claims).

Alexander
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to