[cryptography] Running a keyserver is valuable OR pairwise attacks on public keys
ian at cypherpunks.ca
Fri Sep 9 08:10:25 EDT 2011
On Thu, Sep 08, 2011 at 11:46:30PM -0400, Tom Ritter wrote:
> A long time ago I read an account on a website of a test done in the 90s
> on public RSA keys. A keyserver operator was politely asked for the
> entire database of public keys, and he complied (I think it was the MIT
> keyserver and the researchers were at MIT, but I don't recall.)
> The public keys were all analyzed and compared efficiently pairwise
> (computing the GCD I believe) to see if by some small chance a
> factorization would occur. And it did - I recall the website saying it
> was a very strange scenario with one of the keys not actually being
> correctly semiprime and having several small factors.
> I was never able to find the website giving this account again.
If I remember correctly, that was Ben Laurie. He was telling people
about it at PET 2004 in Toronto, I think it was. The common factor in
the RSA moduli was 9.
More information about the cryptography