[cryptography] This paper was presented in August?
rvh40 at insightbb.com
Wed Feb 15 15:29:12 EST 2012
"Crypto shocker: four of every 1,000 public keys provide no security (updated)
By Dan Goodin | Published February 15, 2012 6:00 AM
Crypto shocker: four of every 1,000 public keys provide no security (updated)
Keys that share one prime factor are vulnerable to cracking by anyone. Keys that share both prime factors can be broken by the other holder.
An astonishing four out of every 1,000 public keys protecting webmail, online banking, and other sensitive online services provide no cryptographic security, a team of mathematicians has found. The research is the latest to reveal limitations in the tech used by more than a million Internet sites to prevent eavesdropping.
The finding, reported in a paper (PDF) submitted to a cryptography conference in August, is based on the analysis of some 7.1 million 1024-bit RSA keys published online. By subjecting what's known as the "modulus" of each public key to an algorithm first postulated more than 2,000 years ago by the Greek mathematician Euclid, the researchers looked for underlying factors that were used more than once. Almost 27,000 of the keys they examined were cryptographically worthless because one of the factors used to generate them was used by at least one other key.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography