[cryptography] Duplicate primes in lots of RSA moduli

Nico Williams nico at cryptonector.com
Thu Feb 16 15:47:21 EST 2012


On Thu, Feb 16, 2012 at 12:28 PM, Jeffrey Schiller <jis at qyv.net> wrote:
>> Are you thinking this is because it causes the entropy estimate in the RNG to be higher than it really is? Last time I checked OpenSSL it didn't block requests for numbers in cases of low entropy estimates anyway, so line 3 wouldn't reduce security for that reason.
>
> I am thinking this because in low entropy cases where multiple boxes generate the same first prime adding that additional entropy before the second prime is generated means they are likely to generate a different second prime leading to the GCD attack.

I'd thought that you were going to say that so many devices sharing
the same key instead of one prime would be better on account of the
problem being more noticeable.  Otherwise I don't see the difference
between one low-entropy case and another -- both are catastrophic
failures.

Nico
--
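
The two low-entropy outcomes discussed in this thread, as an added example that is not part of the original message: an audit over a set of collected RSA moduli that separates identical keys (found by plain comparison) from keys that share only one prime (found only by a pairwise GCD). The device names and the toy moduli built from small Mersenne primes are constructed for illustration; the pairwise loop assumes a small inventory.

```python
from itertools import combinations
from math import gcd

# Constructed toy primes (Mersenne primes), far too small for real RSA.
M17, M19, M31, M61 = 2**17 - 1, 2**19 - 1, 2**31 - 1, 2**61 - 1
M89, M107, M127 = 2**89 - 1, 2**107 - 1, 2**127 - 1

# Constructed inventory modelling the thread's scenario:
#  dev-a/dev-b: same first prime, entropy mixed in before the second prime
#  dev-c/dev-d: same first and second prime (no extra entropy)
#  dev-e:       independent key
SAMPLE_MODULI = {
    "dev-a": M89 * M107,
    "dev-b": M89 * M127,
    "dev-c": M61 * M31,
    "dev-d": M61 * M31,
    "dev-e": M19 * M17,
}


def audit_moduli(moduli):
    """Return (name1, name2, kind, common_factor) for every weak pair.

    kind is "duplicate_modulus" when the two keys are identical, and
    "shared_prime" when they differ but have a common factor. In the
    second case both keys must be treated as compromised, because the
    common factor divides each modulus.
    """
    findings = []
    for (name1, n1), (name2, n2) in combinations(moduli.items(), 2):
        if n1 == n2:
            # Visible without any arithmetic: the public keys simply match.
            findings.append((name1, name2, "duplicate_modulus", None))
            continue
        g = gcd(n1, n2)
        if g > 1:
            # Not visible by comparison; only the GCD exposes it.
            findings.append((name1, name2, "shared_prime", g))
    return findings


if __name__ == "__main__":
    for name1, name2, kind, factor in audit_moduli(SAMPLE_MODULI):
        print(name1, name2, kind, factor if factor else "")
```

Either finding means the affected keys need to be regenerated from a properly seeded RNG.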