The Dutch mathematician Arjen Lenstra concludes that two out of every thousand public RSA keys, which are used for HTTPS encryption among other things, are unsafe. These RSA keys are based on the same prime factor.
A group of mathematicians at the École Polytechnique Fédérale in Lausanne, Switzerland, examined a collection of 7.1 million 1024-bit RSA keys. The team found that nearly 27,000 keys were vulnerable because they share one or more prime factors.
The researchers claim, in a document entitled "Ron was wrong, Whit is right", that 12,720 keys certainly provide no security anymore, because they largely come from a public source and anyone can repeat the mathematicians' work. Lenstra and his colleagues used, among other sources, data from the EFF SSL Observatory. This project aims to download all publicly available SSL certificates that are reachable via IPv4 and to bring vulnerabilities and problems in their application to light. 2048-bit RSA and ElGamal, which forms the basis for PGP, were also examined, and the vulnerability appeared there too.
The duplicates are due to random number generators that apparently do not produce fully random output, but the scientists could not give a clear reason for this. The security of public keys depends on the random choices made during key generation not being repeated. The mathematicians conclude that 99.8% of the keys are secure. That may seem sufficient, but even a small number of unsafe keys can have major consequences, since a large part of the authentication system for websites is based on RSA security.
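A key inventory can be checked for the shared prime factors described above using greatest common divisors. The following is an added example, not code from the researchers or from the article: the function name `audit_moduli`, the product-and-remainder method and the toy moduli built from small primes are assumptions chosen for illustration.

```python
from math import gcd, prod

# Constructed sample: toy "RSA moduli" built from small primes.
# Real moduli are 1024 bits or more; the arithmetic is identical.
SAMPLE = [
    101 * 103,  # index 0: shares the prime 101 with index 2
    107 * 109,  # index 1: same modulus as index 4
    101 * 113,  # index 2: shares the prime 101 with index 0
    127 * 131,  # index 3: independent of every other key
    107 * 109,  # index 4: exact duplicate of index 1
]


def audit_moduli(moduli):
    """Return {index: (kind, factor)} for every modulus that is not independent.

    kind is "shared-prime" (factor is a prime also used by another key)
    or "duplicate" (factor is the whole modulus, reused by another key).
    """
    product = prod(moduli)
    findings = {}
    for i, n in enumerate(moduli):
        # Equals (product // n) % n, i.e. the product of all *other*
        # moduli reduced mod n, without dividing the full product.
        rest = (product % (n * n)) // n
        g = gcd(n, rest)
        if g == 1:
            continue  # no factor in common with any other key
        if g < n:
            findings[i] = ("shared-prime", g)
            continue
        # g == n is ambiguous: either the same modulus occurs twice, or
        # each of its two primes is shared with a different key.
        # Pairwise GCDs against the non-identical moduli settle it.
        partial = [gcd(n, m) for j, m in enumerate(moduli) if j != i and m != n]
        partial = [p for p in partial if p > 1]
        findings[i] = ("shared-prime", partial[0]) if partial else ("duplicate", n)
    return findings


if __name__ == "__main__":
    for index, (kind, factor) in sorted(audit_moduli(SAMPLE).items()):
        print(f"modulus #{index}: {kind}, common factor {factor}")
```

Any key reported as "shared-prime" has to be regenerated on a system with a properly seeded random number generator; rotating only one of the two affected keys does not help the other.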
The team from Switzerland is now working with the EFF to inform site administrators, certificate authorities and browser makers. "We hope that the bugs of the random number generators are quickly found and patched," said Dan Auerbach and Peter Eckersley of the EFF.