VnutZ Domain
Copyright © 1996 - 2020 [Matthew Vea] - All Rights Reserved

2012-02-17
Featured Article

Key Generation Weakness

[index] [573 page views]
Tagged As: Cryptography and Security

RSA's public key algorithms (pdf) pretty much runs the Internet's security and is found everywhere from SSL to SSH. The strength of the system relies upon the computational improbability of an attacker being able to factor down to two large primes. Consumer grade devices, unfortunately, lack the appropriate levels of entropy from which to seed random number generation resulting in number duplication. In a brute force study where researchers scraped literally every public IP on the Internet to grab all discoverable public keys whereupon they "manually verified that 59,000 duplicate keys were repeated due to entropy problems, representing 1% of all certificates, or 2.6% of self-signed certificates" and "also found that 585,000 certificates, or 4.6% of all devices used the default certificates pre-installed on embedded devices." The full study itself (pdf) goes into mathematical detail on their process for analyzing weak key generation sequences and factoring predictable sequences to derive private keys.



More site content that might interest you:

Sometimes, people just make it too easy to get broken into ...


Try your hand at fate and use the site's continuously updating statistical analysis of the MegaMillions and PowerBall lotteries to choose "smarter" number. Remember, you don't have to win the jackpot to win money from the lottery!


Tired of social media sites mining all your data? Try a private, auto-deleting message bulletin board.