[cryptography] Running a keyserver is valuable OR pairwise attacks on public keys

Ian Goldberg ian at cypherpunks.ca
Fri Sep 9 08:10:25 EDT 2011

On Thu, Sep 08, 2011 at 11:46:30PM -0400, Tom Ritter wrote:
> A long time ago I read an account on a website of a test done in the 90s
> on public RSA keys.  A keyserver operator was politely asked for the
> entire database of public keys, and he complied (I think it was the MIT
> keyserver and the researchers were at MIT, but I don't recall.)
> The public keys were all analyzed and compared efficiently pairwise
> (computing the GCD I believe) to see if by some small chance a
> factorization would occur.  And it did - I recall the website saying it
> was a very strange scenario with one of the keys not actually being
> correctly semiprime and having several small factors.
> I was never able to find the website giving this account again.

If I remember correctly, that was Ben Laurie.  He was telling people
about it at PET 2004 in Toronto, I think it was.  The common factor in
the RSA moduli was 9.

   - Ian

More information about the cryptography mailing list