Un'interessante blog post di Nadia Heninger di UC San Diego: https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs
Sembra che il problema sollevato da Lenstra riguardi soprattutto embedded devices: "However, there's no need to panic as this problem mainly affects various kinds of embedded devices such as routers and VPN devices, not full-blown web servers. (It's certainly not, as suggested in the New York Times, any reason to have diminished confidence in the security of web-based commerce.) Unfortunately, we've found vulnerable devices from nearly every major manufacturer and we suspect that more than 200,000 devices, representing 4.1% of the SSL keys in our dataset, were generated with poor entropy. Any weak keys found to be generated by a device suggests that the entire class of devices may be vulnerable upon further analysis." Si tratta di una ricerca parallela a quella di Lenstra & C; il livello di dettaglio di questo post è notevole (data la necessità contingente di riservatezza). ciao, rob ________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
