[cryptography] Duplicate primes in lots of RSA moduli

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Feb 15 04:56:33 EST 2012


Michael Nelson <nelson_mikel at yahoo.com> writes:

>Paper by Lenstra, Hughes, Augier, Bos, Kleinjung, and Wachter finds that two
>of every one thousand RSA moduli that they collected from the web offer no
>security. An astonishing number of generated pairs of primes have a prime in
>common.

The title of the paper "Ron was wrong, Whit is right" I think is rather
misleading, since virtually all the DSA keys were PGP-generated and there was
only one ECDSA key, while there were vast numbers of RSA keys from all manner
of software.  So what it should really say is "PGP got DSA keygen right, the
sample size for ECDSA is too small to make any meaingful comment, and some RSA
implementations aren't so good".

Peter.



More information about the cryptography mailing list