oss-sec mailing list archives
Re: broken RSA keys
From: Alexander Cherepanov <ch3root () openwall com>
Date: Thu, 5 May 2016 02:34:51 +0300
On 2016-05-04 15:42, Solar Designer wrote:
Now to the point: some of the keys do look to me like they're a result of software bugs in key generation. Specifically, as it was noticed and noted by many before, Phuctor's list of broken keys includes many with non-prime e of the form intended_e*(2^32+1) - that is, with the 32-bit value duplicated across 64 bits. (I wrote it that way to show that all such e's are non-prime.)
Indeed. From 225 keys listed at http://phuctor.nosuchlabs.com/phuctored, 152 ones have modulus and exponent divisible by 2**32+1:
$ curl -s http://phuctor.nosuchlabs.com/phuctored |> perl -Mbigint -ln0e 'print join " ", map { $_ % (2**32 + 1) } ($1, $2) while m{RSA Modulus .N.:.*?<td>(\d+)<.*?<td>(\d+)<}sg' |
> grep -c '^0 0$' 152 Modulus and exponent are divisible by 2**32+1 or not simultaneously. -- Alexander Cherepanov
Current thread:
- Re: broken RSA keys, (continued)
- Re: broken RSA keys Solar Designer (May 05)
- Re: broken RSA keys Alexander Cherepanov (May 05)
- Re: broken RSA keys Stanislav Datskovskiy (May 05)
- Re: broken RSA keys Solar Designer (May 12)
- Re: broken RSA keys Solar Designer (May 05)
- Re: broken RSA keys Hanno Böck (May 05)
- Re: broken RSA keys Solar Designer (May 05)
- Re: broken RSA keys Daniel Kahn Gillmor (May 07)
- Re: broken RSA keys Simon McVittie (May 05)
- Re: broken RSA keys Stanislav Datskovskiy (May 05)
- Re: broken RSA keys Hanno Böck (May 05)
- Re: broken RSA keys Stanislav Datskovskiy (May 05)