Hello,

I found out that in openssl 0.9.8 a check is missing for duplicate primes p and q, see below. This is relevant when generating RSA keys:

root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl genrsa 128
Generating RSA private key, 128 bit long modulus
.......+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
p:DBF7DA8B44ADCDD1 Phase 1 q:DBF7DA8B44ADCDD1
-----BEGIN RSA PRIVATE KEY-----
MGICAQACEQC+ePfpNx2CzoNDm/Aejm7HAgMBAAECEF/t7vYfUxaga1+R+6EPYiEC
CQDdrD6E0hkhFwIJANv32otErc3RAgkAz2HVG21zFQECCEW9PRKugZQhAgg9HQ6/
Pr0Uvg==
-----END RSA PRIVATE KEY-----
root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl genrsa 128
Generating RSA private key, 128 bit long modulus
.+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
p:DC32B965793AF86F Phase 1 q:C6F919F7AAA5EC71
-----BEGIN RSA PRIVATE KEY-----
MGUCAQACEQCrJX8Qy0q3bw5VN6G1mPz/AgMBAAECEQCbPCOI5BwdTE4K+TuIwOaB
AgkA3DK5ZXk6+G8CCQDG+Rn3qqXscQIJAKbu/YZkRcSZAgkAnE+DS+K+uLECCQCu
HHeujcFd/Q==
-----END RSA PRIVATE KEY-----
root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl genrsa 128
Generating RSA private key, 128 bit long modulus
.........+++++++++++++++++++++++++++
...+++++++++++++++++++++++++++
e is 65537 (0x10001)
p:EFAB9BC12A217257 Phase 1 q:C4B0A783D183DA55
-----BEGIN RSA PRIVATE KEY-----
MGMCAQACEQC4JMYPVKDUPrZfVf8B/gzjAgMBAAECEQCd8r0IbVi+c84EAM4bn4jR
AgkA76ubwSohclcCCQDEsKeD0YPaVQIIaHDg8+E3KAsCCELVeAZdof0FAgkAyqHj
yqUIUes=
-----END RSA PRIVATE KEY-----
root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl genrsa 128
Generating RSA private key, 128 bit long modulus
..+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
p:CA1A6069FBCE0E6B Phase 1 q:CA1A6069FBCE0E6B
-----BEGIN RSA PRIVATE KEY-----
MGUCAQACEQDIjp/x7uVVrCNdf9Y1SpStAgMBAAECEQCyNiIkPe7lN1KFh4ubrk8V
AgkA/gq1dP5Y/0cCCQDKGmBp+84OawIJALlWjL4XFkzfAgkArBEa5wD4pXMCCQDW
mLQFBXBWbw==
-----END RSA PRIVATE KEY-----
root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl genrsa 128
Generating RSA private key, 128 bit long modulus
...+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
p:F4D74AA8BE84C4A3 Phase 1 q:D83D57FC191345D1
-----BEGIN RSA PRIVATE KEY-----
MGICAQACEQDO0FJxcT23cfxgf5/WfXgTAgMBAAECECNo7cS4o92FmsN9eYgtFiEC
CQD010qovoTEowIJANg9V/wZE0XRAghhDEkqk8HakwIJAKFKKD12qqRxAggvO+Uz
yUnU6g==
-----END RSA PRIVATE KEY-----
root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps#

As, in my environment, p and q are identical in about 50% of the cases, this is in my opinion a big security hole, because p and q can be determined from N by calculating the square-root of N.

I will try to test this with a newer release of openssl as well.

Thank you.

Regards,
Felix

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
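The report rests on a debug line that prints p and q, but the PEM block under each run is what OpenSSL actually wrote out, and the DER inside it carries its own p and q. The following script is an added example, not part of the report or of OpenSSL's code: using only the Python 3 standard library it decodes the two PEM keys from the runs whose debug lines showed p == q (the first and fourth), extracts the nine PKCS#1 RSAPrivateKey fields, and applies the checks a key validator should apply at generation or import time: p != q, p*q == n, and n not a perfect square. The PEM text is copied from the report; the field names follow the PKCS#1 layout (RFC 8017, A.1.2). A constructed n = p*p case, using the p value from the first debug line, shows how cheaply an integer square root recovers the factor when such a check is absent.

```python
import base64
import math
import re

# Two PEM keys copied verbatim from the report above: the first and the
# fourth `genrsa 128` runs, i.e. the two whose debug lines printed p == q.
KEY_1 = """-----BEGIN RSA PRIVATE KEY-----
MGICAQACEQC+ePfpNx2CzoNDm/Aejm7HAgMBAAECEF/t7vYfUxaga1+R+6EPYiEC
CQDdrD6E0hkhFwIJANv32otErc3RAgkAz2HVG21zFQECCEW9PRKugZQhAgg9HQ6/
Pr0Uvg==
-----END RSA PRIVATE KEY-----"""

KEY_4 = """-----BEGIN RSA PRIVATE KEY-----
MGUCAQACEQDIjp/x7uVVrCNdf9Y1SpStAgMBAAECEQCyNiIkPe7lN1KFh4ubrk8V
AgkA/gq1dP5Y/0cCCQDKGmBp+84OawIJALlWjL4XFkzfAgkArBEa5wD4pXMCCQDW
mLQFBXBWbw==
-----END RSA PRIVATE KEY-----"""

# Field order of the PKCS#1 RSAPrivateKey SEQUENCE (RFC 8017, A.1.2).
FIELDS = ("version", "n", "e", "d", "p", "q", "dp", "dq", "qinv")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the DER body."""
    body = re.sub(r"-----(BEGIN|END) RSA PRIVATE KEY-----", "", pem)
    return base64.b64decode("".join(body.split()))


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at `pos`; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_private_key(pem: str) -> dict:
    """Decode a traditional (PKCS#1) RSA private key into its integer fields."""
    der = pem_to_der(pem)
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected outer SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(value, "big"))
    if len(values) != len(FIELDS):
        raise ValueError("unexpected number of fields: %d" % len(values))
    return dict(zip(FIELDS, values))


def square_root_if_perfect_square(n: int):
    """Return r if n == r*r, else None. For a key with p == q this single
    integer square root is the whole factorisation the report warns about."""
    r = math.isqrt(n)
    return r if r * r == n else None


def check_rsa_key(key: dict) -> list:
    """Consistency checks a key validator should apply; empty list means pass."""
    problems = []
    if key["p"] == key["q"]:
        problems.append("p == q")
    if key["p"] * key["q"] != key["n"]:
        problems.append("p * q != n")
    if square_root_if_perfect_square(key["n"]) is not None:
        problems.append("n is a perfect square")
    return problems


if __name__ == "__main__":
    for label, pem in (("key 1", KEY_1), ("key 4", KEY_4)):
        k = parse_rsa_private_key(pem)
        print(label, "p=%X q=%X" % (k["p"], k["q"]), check_rsa_key(k) or "OK")
    # Constructed counter-example: the modulus a key with p == q would have,
    # using the p value the report's debug line printed for the first run.
    p_dup = 0xDBF7DA8B44ADCDD1
    print("p == q case: isqrt recovers %X" % square_root_if_perfect_square(p_dup * p_dup))
```

Run against the two keys, the script reports p != q and p*q == n for both, so neither modulus is a perfect square; for the first key the DER q equals the value on the debug line while the DER p does not. That is the point of checking the encoded key rather than an instrumentation printout: the validator works on what will actually be deployed. The constructed p*p modulus is factored instantly by math.isqrt, which is why a generator must reject p == q before it ever computes n.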