Factorable Keys: Twice As Many, But Half As Bad 40
J. Alex Halderman and Nadia Heninger write in with an update to yesterday's story on RSA key security: "Yesterday Slashdot posted that RSA keys are 99.8%
secure in the real world. We've been working on this
concurrently, and as it turns out, the story is a bit more
complicated. Those factorable keys are generated by your router and
VPN, not bankofamerica.com. The geeky details are pretty nifty: we
downloaded every SSL and SSH keys on the internet in a few days, did
some math on 100 million digit numbers, and ended up with 27,000
private keys. (That's 0.4% of SSL keys in current use.) We posted a
long
blog post summarizing our findings over at Freedom to Tinker."
Dont these keys change often? How would you match? (Score:5, Insightful)
Re:slashdotted (Score:2, Insightful)
All I see is a wall of text.
Apparently what you pay for to get past the 'pay wall' is the line feeds.
Not a flaw in the crypto (Score:2, Insightful)
FTA:
For the system to provide security, however, it is essential that the secret prime numbers be generated randomly. The researchers discovered that in a small but significant number of cases, the random number generation system failed to work correctly.
So it's the faulty implementations that we need to worry about. The foundation itself is still strong.