Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Encryption

Researchers Find Same RSA Encryption Key Used 28,000 Times 132

itwbennett writes In the course of trying to find out how many servers and devices are still vulnerable to the Web security flaw known as FREAK, researchers at Royal Holloway of the University of London found something else of interest: Many hosts (either servers or other Internet-connected devices) share the same 512-bit public key. In one egregious example, 28,394 routers running a SSL VPN module all use the same 512-bit public RSA key.
This discussion has been archived. No new comments can be posted.

Researchers Find Same RSA Encryption Key Used 28,000 Times

Comments Filter:
  • by Iamthecheese ( 1264298 ) on Tuesday March 17, 2015 @11:18AM (#49276307)
    This is a real problem and I don't mean to minimize it. But weak encryption is infinitely better than none, and the solution to this is immensely easier than the solution to the many, many wholly unencrypted connections that are happening this very moment. I think we should prioritize getting all connections everywhere encrypted somehow.
    • by Anonymous Coward

      Uhm. No.

      Weak encryption provides the illusion of safety when there is none in fact to be had. It typically means that you will carry on as if you had the security of encryption but you don't and you end up doing something (for all practical purposes) in the clear that you would not otherwise, like transmit your bank account number or credit card number, etc.

      Assuming you were somebody who likes to drive faster than the speed limit would you rather drive without a radar detector at all and know you need to

    • by Anonymous Coward

      No.

      I don't put my credit card number in a form that submits plaintext.

      A form that appears to be encrypted but actually isn't because the server fucked up is infinitely LESS secure in practice.

    • by Petr Kočmíd ( 3424257 ) on Tuesday March 17, 2015 @11:55AM (#49276663)
      Weak, bad or fake encryption is infinitely much worse than none, because it makes people believe they are safe while they are not.
    • Weak encryption is infinitely WORSE than none.

      The illusion of security is more likely to cause people to divulge information that they wouldn't do in plain text.

      I remember when the export key laws were in place. Once the regulations were changed doing away with them, software and equipment should have been required to remove the obsolete code or be taken off the market.

      My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?

      • by tlhIngan ( 30335 )

        Weak encryption is infinitely WORSE than none.

        The illusion of security is more likely to cause people to divulge information that they wouldn't do in plain text.

        I remember when the export key laws were in place. Once the regulations were changed doing away with them, software and equipment should have been required to remove the obsolete code or be taken off the market.

        My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?

        Yes, bad encryption i

      • My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?

        The trouble with removing old/weak modes is that you break interoperability with systems that only support those modes. Implementations that were limited to export modes only didn't disappear the instant the export restrictions were lifted. In some cases old versions of software stick around for many years because there is some problem that blocks upgrading.

        So someone has to make the difficult call as to when the risk posed by supporting the old/weak modes outweighs the interoperability issues that will be

        • Of course systems continued to support the older mode at first.

          That being said, the regulations regarding key length were relaxed starting in 1998. By 1999, all restrictions on key length were removed for import and export to all countries not on the terrorist state list. Risk analyses had already been done by any company that had requested a license to export cryptographic products. So, when the restrictions were lifted, the dangers of the export key length restrictions were well known.

          In particular,

    • by sjames ( 1099 )

      Not really. If it' cleartext, you know it's cleartext and have the appropriate security expectations. If it's encrypted, you have a different set of expectations which are not met if the key is actually shared in common.

      Often it's better to know you have no security than it is to tyhink you are highly secure when you are actually quite vulnerable.

    • This is a real problem and I don't mean to minimize it. But weak encryption is infinitely better than none,

      Not when people think "It's encrypted".

      Sometimes it is much better to know something is insecure and behave accordingly than to depend on a lie and get burned.

      VPN technology especially is particularly abysmal everywhere I go customers using PPTP, some form of challenge-response authentication over the clear or over shared keys or using EAP methods without properly verifying trust chains. At least with secure websites we have security checkers like Qualsys... if you were to run that same scanner on the TLS

      • The one case where I can think of where weak encryption might be useful is if there's a general sweep that involves you just because you're there. Weak encryption would take some minor effort to crack, and if the sweep picks up enough plaintext the sweeper may not bother with any ciphertext. It's similar to having a password like Ca$tl3 on a system where people have passwords like password1; if the attacker just wants one account they're likely to crack somebody else's first.

    • I agree, I liken this to a Master Lock. All keys are the same for the master lock (A Hammer/Crowbar), that doesn't mean it doesn't provide a measure of "sufficient security".

      like Hey, if you want to steal my lawnmower thats cool bro. I'll put a master lock on the shed and worry about securing the really important stuff.

    • by gweihir ( 88907 )

      I do not agree. The problem is that encryption done by incompetents (like this one) gives you a false sense of security. The result is that you may trust the connection a lot more and that you may put things through it that are a problem if intercepted. If you know it is just plain text, you will be careful. This way, many people will not.

    • That's nonsense.

      Weak encryption is *worse* than no encryption because it gives people a false sense of security they shouldn't have. It makes them feel safe to say or do things they wouldn't do if they realized how bad the encryption they're using really is.

  • So Out Them! (Score:4, Interesting)

    by bill_mcgonigle ( 4333 ) * on Tuesday March 17, 2015 @11:25AM (#49276367) Homepage Journal

    "That's just laziness on the part of a manufacturer," Paterson said in a phone interview. "This is cardinal sin."

    Then it deserves at least social shaming and ostracism, if not worse than those minor responses to venial sins. Protecting the manufacturers only creates an environment where the incentives are aligned for them to do it again. If manufacturers aren't keenly aware that they need to protect their reputation, then they will cut every corner that doesn't provide them a competitive advantage.

  • by swschrad ( 312009 ) on Tuesday March 17, 2015 @11:25AM (#49276373) Homepage Journal

    there is no such thing as security any more using the common models and parameters. got to step it up, without fallback to silliness like 512 bit keys. the bigger problem is nobody has been bankrupted and sent to jail yet, so the impetus is not there to fix it as the first priority of business.

  • I imagine .... (Score:5, Insightful)

    by PPH ( 736903 ) on Tuesday March 17, 2015 @11:30AM (#49276423)

    ... some vendor built a router or server up to the point of generating the public/private key pair, tested it, saved the image and started copying it to production units.

    Similar mistake [theregister.co.uk] have been made before.

  • Poor first sentence (Score:5, Informative)

    by in10se ( 472253 ) on Tuesday March 17, 2015 @11:34AM (#49276475) Homepage

    First line of the article:
    "What if the key to your house was shared with 28,000 other homes?"

    The fact is, you very well might share the key to your house with more than 28000 other homes. Common lock brands you can buy at Home Depot, Lowe's, etc. create a surprisingly low number of different key/tumbler combinations.

    • by bobbied ( 2522392 ) on Tuesday March 17, 2015 @11:45AM (#49276555)

      So having a lock really is an advantage... Well, actually it doesn't matter to a thief anyway.

      I once had the window broken in my car so they could steal my wife's purse... The doors where unlocked, but they broke the window anyway.

      I guess the issue here is that the "key" is easily changed in this case. You don't need to have the guy at the home improvement store rekey it for you...

    • Re: (Score:2, Insightful)

      by Lumpy ( 12016 )

      Yup, most popular locks on homes have a very very limited number of key combinations.

      Cars are worse. It's not uncommon to find another car that your key can unlock.

      • Cars are worse. It's not uncommon to find another car that your key can unlock.

        The obvious question here is how do you know? ;) Do you go around trying to open random car doors with your keys? I know I don't..

        Oh, but there is the ignition key chip stuff now where an RFID tag is embedded in the key, so you may be able to turn the key, but it's not going to start for you unless that RFID is loaded using a manufacturer specific tool.

        • The pin information is public. Residential Schlage locks have 5 pins. Each pin can be one of 9 heights. The height differences are quite small, so with some wiggling you don't even need an exact match.

        • by Lumpy ( 12016 )

          Why cares about starting the car, you steal everything inside it or tow it to part it out.

          stolen cars are impossible to sell, parts on the other hand are mostly untraceable.

        • by Lumpy ( 12016 )

          Also for your own education.....

          https://books.google.com/books... [google.com]

          Buy this book if you want to learn how insecure 90% of the lock designs in use are.

          Car keys and house keys are there only to keep your neighbors honest.

          • Car keys and house keys are there only to keep your neighbors honest.

            On that we fully agree... Locks only keep honest people honest, in all their various forms.

    • Well yeah, how many wireless garage door frequencies or whatever they use exist?
    • by 93 Escort Wagon ( 326346 ) on Tuesday March 17, 2015 @11:55AM (#49276661)

      Cars, too.

      Funny anecdote: Quite some years ago, my wife and I were over at another couple's house for our semi-regular game of Pinocle. After we called it an evening, I went out the door and accidentally got into their Ford Escort (at the time, they owned one that was a very similar color to ours - plus it was night). They stood there and laughed at me... and then I started their car with my key.

      • Whoops, that was an epic quote fail!

      • Actually starting the car is far less likely in newer cars, because whilst the number of key combinations are small, the number of key transponders is not.

        • by jrumney ( 197329 )

          Actually starting the car is far less likely in newer cars, because whilst the number of key combinations are small, the number of key transponders is not.

          Yes, but we're talking about a Ford Escort here. Even if you have the right key, its a toss up whether it will start.

      • Hmm... sounds like a key party rather than an unlikely occurrence.

      • by Cramer ( 69040 )

        That had to be a long time ago. Today, even 'tho the key fits and turns, the electronic security codes won't match. (assuming there is a traditional key.)

        That said, my '84 Ford and my sister's '90 Ford had the same ignition key, but different door keys. That's before such electronic security, and when there was a "door" key.

      • The same thing happened to my mother in a shopping mall a few years ago. She had an older Renault, literally got half way home before she realised it wasn't her car.

      • Had a partial similar fail one day at a shopping centre. Got back out to the car and someone had parked an identical car in front of mine. I was able to unlock the door but I wasn't able to start the car.

        I then had to convince the man I really wasn't trying to steal his car. Talk about awkward conversations.

    • First line of the article: "What if the key to your house was shared with 28,000 other homes?"

      Several years ago I found myself in this situation. I worked night shift, getting home between 2-3 AM. One night I unlocked my door, opened it, and just had time to think "WTF, this isn't my living room" when some guy came running up with "hey, who are you!!!".

      The place I was renting was WW2 era housing, a group of rectangular buildings next to each other, each with 8 apts (think | | | | | |). I had the upper unit in the back, turns out my key worked on *every* upper back unit in each building. Talked to

      • by Obfuscant ( 592200 ) on Tuesday March 17, 2015 @12:31PM (#49276939)

        turns out my key worked on *every* upper back unit in each building.

        That's just lazy on the part of your landlord. It's easier for him if all his units share the same lock so he has only one key to carry around.

        But common house keys? Yes, relatively few "combinations". I'm looking at mine, bought from a big-box home outlet store. Five lands -- that's the flat areas where the pins rest when the key is inserted. I didn't count them when I rekeyed my locks, but it's about five pin lengths. Let's see, 5^5 is 3125 different keys. Six pin lengths would be only about 15,000 different sets.

        My work keys have 6 or 7 lands, but the security of those is reduced because each pin has at least two valid lengths. There is actually a published method for taking a bunch of key blanks and a valid key and figuring out the master.

        If you want to know how locks work, go buy a new lock for a house and the rekey kit for it. It's fun. While each kit is "different" (or is supposed to be), with a bit of looking you can find two kits with the same pin lengths just in a different order so you can rekey two locks the same. (The kits I bought had colors for the pins.)

        For cars, I heard a long time ago that Toyotas were prime theft targets not because of the value but because there were a limited number of dealer master keys and the crooks had copies.

    • by Greyfox ( 87712 )
      Yeah, I replaced the locks on a couple of doors a couple of years ago and was surprised to find the new key worked just as well on a couple of the other locks that I hadn't replaced. Actually not that surprised, really. There aren't that many tumblers and not that many combinations of them. The keys to your house would probably work on a lot more than 28,000 doors across the country, if you tried them. I wouldn't suggest trying them, though. That'll get you shot in a lot of places.

      Fact of the matter is, l

      • by jabuzz ( 182671 )

        If you buy quality locks there are many orders of magnitude than 28,000 combinations. There are plenty of quality lock systems on the market with over a billion different key combinations.

        The big think at the moment depending whether the thieves in your area have court on is lock snapping. If you have europrofile or similar locks and they are not quality anti-snap, anyone can be in in under 20 seconds.

        • by Greyfox ( 87712 )
          You keep saying "quality". I'm guessing you're not talking about the $20 three-pack you can get down at the local hardware store?
    • A school friend of mine became an apprentice locksmith decades ago. Those big old fashioned locks from pre-1980's only had about 14 keys total, all numbered. When someone came to get a copy he didn't have to cut one, just pull a spare out of the box.
    • It really doesn't matter that much, in the house key case.

      Anybody who can take advantage of the limited number of keys can get into your house in other ways, such as picking the lock or making a key from scratches on the blank. Other people will kick the door in or break a window. Houses really aren't all that secure.

      So, you're vulnerable to somebody who happens to have the same house key as you do, and happens to know it fits your lock. That is not something that's likely to happen.

      The equivalent

  • So easy to find (Score:5, Interesting)

    by kooky45 ( 785515 ) on Tuesday March 17, 2015 @11:37AM (#49276499)
    Just scanned the /16 next to my home broadband and found a number of repeated certificate hashes and all belonging to systems identifying themselves as

    *.myfoscam.org/organizationName=ShenZhen Foscam Intelligent Technology Co,Ltd

    Seems to be a network enabled camera.

    • Just scanned the /16 next to my home broadband and found a number of repeated certificate hashes and all belonging to systems identifying themselves as

      *.myfoscam.org/organizationName=ShenZhen Foscam Intelligent Technology Co,Ltd

      Seems to be a network enabled camera.

      Which is why I don't allow them out of my local network, and never setup their "remote access" functionality. in fact, it's explicitly disabled.

    • Re:So easy to find (Score:4, Interesting)

      by kooky45 ( 785515 ) on Tuesday March 17, 2015 @12:12PM (#49276791)
      And done the /8 now and another common ones are

      commonName=UBNT/organizationName=Ubiquiti Networks Inc.

      commonName=TS Series NAS/organizationName=QNAP Systems Inc.

      commonName=Vigor Router/organizationName=DrayTek Corp.

      commonName=homenet.telecomitalia.it/organizationName=TELECOM ITALIA SPA

      commonName=localdomain/organizationName=Axentraserver Default Certificate 863B4AB

      In fact, there are duplicate hashes appearing all over the place so it's an endemic problem.

    • Balls, I've got one of those cameras.

      So has anyone checked to see if this was by design? Give everyone encryption, but it's the same key, like a master lock that any locksmith or landlord can bypass?
      • by _merlin ( 160982 )

        It makes you vulnerable to MITM attacks, since when you connect to your camera, you can't be sure it's actually yours and not just another device with the same well-known certificate/key.

        It means that if you use a key exchange mechanism that encrypts the session keys with the server key then someone who's extracted the private key from one of these can decrypt communications with any of the cameras using the same certificate/key.

        If you use a key exchange mechanism with forward secrecy, extracting the privat

  • Comment removed based on user account deletion
    • by Imagix ( 695350 )
      Ahem. Unlike you, manufacturers can get keys which can sign other keys. Which means they can buy 1 key and generate as many sub-keys as they like.
      • by Anonymous Coward

        Putting 1 key into a image vs having a different key go into every image.

        One is cheap, the other isn't. (when pennies count).

    • These are not certificates. They're not validated by any trusted authority. These are host keys: you generate them yourself for the cost of electricity. You could have your router generate its own keys the first time it starts up for the cost of a couple seconds delay.
    • by swb ( 14022 )

      You could use your own CA and generate self signed certificates.

    • You do realize these are self signed keys? They are trivial to generate and have no cost.

  • Without SALT even encryption is bland. Try searching encrypted password hashes on google it's always interesting to see who you share the same password word. Often the userid is revealed in the search, if the userid is unique you can search the userid out and find new sites to try your new acquired user:pass combo's.
  • Once I know the key is good, I stick with it and use it everywhere. Why to mess with it if it's working?
  • Most people doing anything on the internet have no functional literacy in security. WEP, WPA, SSL, https,...it's all alphabet soup mumbo jumbo to most people.

    Now, some self-appointed expert is going to chime in in a few moments and say that these ignorant fools need to educate themselves about this, and if they get pwned it's all their own fault.

    The problem *is* that people need to be educated, but right now to truly understand the rudiments of security technology and the risks probably requires some night

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...