> For the scheme in this draft,
> the probability of a second public key is: 1-(1-p)^(2^{1024-48}), where p
> is the probability of a random number being an RSA public key.
I would not construct the attack by trying random numbers and checking them for
whether they are a public key. I would start with a repository of prime
numbers, and then do something like:

    For each trial
        Pick two prime numbers from the catalog
        Multiply the two numbers to get a candidate RSA key
        Check whether the resulting pattern matches the 48 bits in the IID

I will need an average of (2^48)/2 such trials, which means the catalog should
have a size 2^24 or more. Granted, establishing that catalog will take some
time, but it can be done once, in advance, before the IPv6 address is ever
seen. The same catalog can be used for any IPv6 address.
-- Christian Huitema
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
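
Added example, not part of the original message or of the draft it discusses: it checks the catalog-size arithmetic in the reply above and runs the same pair-and-compare loop at toy scale, to show how the number of bits bound into the IID sets the work required. The truncated SHA-256 tag, the function names and the toy parameters (12-bit tag, 400 small primes) are assumptions made for illustration, not the draft's actual encoding.

```python
import hashlib
from itertools import combinations
from math import isqrt

def catalog_size_for(trials):
    """Smallest n such that n primes yield at least `trials` distinct pairs."""
    n = (1 + isqrt(1 + 8 * trials)) // 2
    while n * (n - 1) // 2 < trials:
        n += 1
    return n

def first_odd_primes(count):
    """Toy catalog: the first `count` odd primes, by trial division."""
    primes, n = [], 3
    while len(primes) < count:
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
        n += 2
    return primes

def tag(modulus, bits):
    """Assumed binding: leftmost `bits` bits of SHA-256 over the modulus."""
    raw = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") >> (256 - bits)

def trials_until_match(victim, catalog, bits):
    """Walk catalog pairs; return (trial count, p, q) for the first other
    modulus whose tag equals the victim's, or None if the catalog runs out."""
    wanted = tag(victim, bits)
    for count, (p, q) in enumerate(combinations(catalog, 2), 1):
        if p * q != victim and tag(p * q, bits) == wanted:
            return count, p, q
    return None

if __name__ == "__main__":
    # Arithmetic from the message: (2^48)/2 trials -> catalog of about 2^24.
    print(catalog_size_for(2**48 // 2))
    # Toy scale (constructed values): 12-bit tag, 400 primes, 79800 pairs.
    catalog = first_odd_primes(400)
    victim = catalog[-1] * catalog[-2]
    print(trials_until_match(victim, catalog, 12))
    # Each extra tag bit doubles the trials; the catalog grows by sqrt(2).
    for bits in (48, 64, 80):
        print(bits, catalog_size_for(2**bits // 2))
```
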