Ugh. This is going to wreck vanity public keys. On Saturday, December 3, 2022, 'Matthew McPherrin' via [email protected] <[email protected]> wrote:
> I was a little quick on sending my previous email. The explanation is: > > the modulus that be factored by considering it as a polynomial of base > 2^160 and using standard algebra software. > > one of the factors is 3*2^1022 + 3*2^518 + 5*2^344 + 3 > > > On Sat, Dec 3, 2022 at 8:29 PM Matthew McPherrin <[email protected]> > wrote: > >> The certificate has been revoked and replaced by the subscriber. >> >> The private key has been factored by remy_o, who says: >> >> > the modulus that be factored by considering it as a polynomial of base >> 2^160 and using standard algebra software >> >> On Sat, Dec 3, 2022 at 2:48 PM Hanno Böck <[email protected]> wrote: >> >>> Hi, >>> >>> I'm not entirely sure if this is the right place to discuss this, but >>> I also don't really know where else. >>> >>> Do people have thoughts about suspicious keys like this? >>> https://crt.sh/?id=8093628131 >>> (Have a look at the modulus / N value, it has a lot of zeros) >>> >>> This key is certainly not securely generated. What I am wondering: >>> * What caused such a key to be created? >>> * Can it be broken? >>> * Anyone aware of any analysis or relevant research for keys with >>> suspicious patterns? >>> * Should CAs be under any obligation to detect and reject such keys? >>> >>> (I am detecting such keys in badkeys by looking for 16 repeating bytes, >>> which I consider as practically impossible to happen by chance in a >>> proper key generation process.) >>> >>> -- >>> Hanno Böck >>> https://hboeck.de/ >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "[email protected]" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/a/ >>> mozilla.org/d/msgid/dev-security-policy/20221203204840.1d25853a% >>> 40computer. >>> >> -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > mozilla.org/d/msgid/dev-security-policy/CAKh5S0ZKWSwgEAV7TzX4T_1a_ > 6TyXbUBg6YaOr8rtk45-K-ayw%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAKh5S0ZKWSwgEAV7TzX4T_1a_6TyXbUBg6YaOr8rtk45-K-ayw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAPAx59GjCnC%2B13%2BRFzhMrKxbEMmBuxwSQej05FXAxUo7oP6atw%40mail.gmail.com.
