[cryptography] Duplicate primes in lots of RSA moduli

Tom Ritter tom at ritter.vg
Wed Feb 15 13:35:45 EST 2012

On 15 February 2012 11:56, Ben Laurie <ben at links.org> wrote:
> I did this years ago for PGP keys. Easy: take all the keys, do
> pairwise GCD. Took 24 hours on my laptop for all the PGP keys on
> keyservers at the time. I'm trying to remember when this was, but I
> did it during PETS at Toronto, so that should narrow it down. With
> Matthias XXX (I've forgotten his surname!).

I mentioned this a few months ago, you had said you did it at PETS 2004. [0,1]

Something I found strange in their paper was this quote:

"PGP keys have no expiration dates or hashes. All public keys were
further analysed as described below." (bottom of page 4)

PGP keys *may* have no expiration date, but they may, and anecdotally
most I've seen do.  Likewise, nearly all keys have a self-signed UID
associated with them, and that signature uses a hash algorithm.


[0] Original Thread:
[0] Your Reply:

More information about the cryptography mailing list