oss-security - Re: broken RSA keys

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <572A871B.5070303@openwall.com>
Date: Thu, 5 May 2016 02:34:51 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: broken RSA keys

On 2016-05-04 15:42, Solar Designer wrote:
> Now to the point: some of the keys do look to me like they're a result
> of software bugs in key generation.  Specifically, as it was noticed and
> noted by many before, Phuctor's list of broken keys includes many with
> non-prime e of the form intended_e*(2^32+1) - that is, with the 32-bit
> value duplicated across 64 bits.  (I wrote it that way to show that all
> such e's are non-prime.)

Indeed. From 225 keys listed at http://phuctor.nosuchlabs.com/phuctored, 
152 ones have modulus and exponent divisible by 2**32+1:

$ curl -s http://phuctor.nosuchlabs.com/phuctored |
 >   perl -Mbigint -ln0e 'print join " ", map { $_ % (2**32 + 1) } ($1, 
$2) while m{RSA Modulus .N.:.*?<td>(\d+)<.*?<td>(\d+)<}sg' |
 >   grep -c '^0 0$'
152

Modulus and exponent are divisible by 2**32+1 or not simultaneously.

-- 
Alexander Cherepanov

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.