|
Message-ID: <572A871B.5070303@openwall.com> Date: Thu, 5 May 2016 02:34:51 +0300 From: Alexander Cherepanov <ch3root@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: broken RSA keys On 2016-05-04 15:42, Solar Designer wrote: > Now to the point: some of the keys do look to me like they're a result > of software bugs in key generation. Specifically, as it was noticed and > noted by many before, Phuctor's list of broken keys includes many with > non-prime e of the form intended_e*(2^32+1) - that is, with the 32-bit > value duplicated across 64 bits. (I wrote it that way to show that all > such e's are non-prime.) Indeed. From 225 keys listed at http://phuctor.nosuchlabs.com/phuctored, 152 ones have modulus and exponent divisible by 2**32+1: $ curl -s http://phuctor.nosuchlabs.com/phuctored | > perl -Mbigint -ln0e 'print join " ", map { $_ % (2**32 + 1) } ($1, $2) while m{RSA Modulus .N.:.*?<td>(\d+)<.*?<td>(\d+)<}sg' | > grep -c '^0 0$' 152 Modulus and exponent are divisible by 2**32+1 or not simultaneously. -- Alexander Cherepanov
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.