Crypto shocker: four of every 1,000 public keys provide no security (updated)
By Dan Goodin | Published February 15, 2012 6:00 AM
Crypto shocker: four of every 1,000 public keys provide no security (updated)
Keys that share one prime factor are vulnerable to cracking by anyone. Keys
that share both prime factors can be broken by the other holder.
An astonishing four out of every 1,000 public keys protecting webmail, online
banking, and other sensitive online services provide no cryptographic security,
a team of mathematicians has found. The research is the latest to reveal
limitations in the tech used by more than a million Internet sites to prevent
eavesdropping.
The finding, reported in a paper (PDF) submitted to a cryptography conference
in August, is based on the analysis of some 7.1 million 1024-bit RSA keys
published online. By subjecting what's known as the modulus of each public
key to an algorithm first postulated more than 2,000 years ago by the Greek
mathematician Euclid, the researchers looked for underlying factors that were
used more than once. Almost 27,000 of the keys they examined were
cryptographically worthless because one of the factors used to generate them
was used by at least one other key.
...
http://arstechnica.com/business/news/2012/02/crypto-shocker-four-of-every-1000-public-keys-provide-no-security.ars?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+Featured+Content%29
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
