[cryptography] Duplicate primes in lots of RSA moduli
iang at iang.org
Tue Feb 21 07:57:44 EST 2012
On 21/02/12 04:22 AM, Thierry Moreau wrote:
> Ben Laurie wrote:
>>> On Sun, Feb 19, 2012 at 05:57:37PM +0000, Ben Laurie wrote:
>>>> In any case, I think the design of urandom in Linux is flawed and
>>>> should be fixed.
>> In FreeBSD random (and hence urandom) blocks at startup, but never again.
> The mental model for authentication key generation operation should
> reflect the fact that "it requires the computer to roll dice very
> secretly for your protection, but the computer is very poor at this type
> of dice rolling -- it may thus take time and/or require you to input
> anything on the keyboard/mouse/touchscreen until adequate dice shaking
> simulation has been achieved".
> If security experts are not prepared to face this fact -- true random
> data collection and associated entropy assessment can not be made
> intrinsic to a computer system -- we are unjustified to expect OS
> suppliers to provide a magic fix, or software developers to take the
> liberty to solve an issue which is seldom stated.
I think I agree. I'd characterise it like this: if you don't care
that much, it's good enough. If you care an awful lot, you have to do
it yourself anyway. The solutions out there seem aligned with that
> In this perspective, the root cause for the RSA modulus GCD findings is
> the security experts' inability to recognize and follow up the
> ever-present challenges of secret random data generation. As such, the
> Linux design is seldom at stake.
Yeah. There is an inability on the part of some security people and all
the media to accept that some designers have accepted a risk rather than
stomp it dead.
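The "RSA modulus GCD findings" the thread refers to are the result of a defensive audit that anyone holding a batch of public keys can repeat: if two moduli were generated from a poorly seeded RNG and share a prime p, gcd(N1, N2) = p factors both. The following is an added example, not code from this thread or from either poster; it uses constructed toy primes around 10^9 (real moduli are 2048 bits or more, the arithmetic is identical) and the simplified product trick behind batch GCD, computing P mod N_i^2 directly rather than through the product tree that makes it fast for millions of keys.

```python
"""Find RSA moduli in a batch that share a prime factor.

Added example (not from the thread). The constants below are constructed
toy primes so the script runs instantly; real moduli are far larger but
the same math.gcd / product trick applies unchanged.
"""
from math import gcd
from typing import Dict, List

# Constructed toy primes (all are known primes near 10^9).
P_SHARED = 1000000007          # the prime two moduli will share
Q1, Q2 = 1000000009, 998244353
R1, R2 = 1000000021, 1000000033
S1, S2 = 1000000087, 1000000093

# Constructed batch: moduli 0 and 1 were "generated" from the same prime,
# as happens when the RNG repeats its first output; 2 and 3 are independent.
MODULI: List[int] = [
    P_SHARED * Q1,   # index 0: shares P_SHARED with index 1
    P_SHARED * Q2,   # index 1
    R1 * R2,         # index 2: independent
    S1 * S2,         # index 3: independent
]


def pairwise_shared_factors(moduli: List[int]) -> Dict[int, int]:
    """Reference check: O(n^2) pairwise GCDs. Returns {index: factor}."""
    found: Dict[int, int] = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = gcd(moduli[i], moduli[j])
            if g > 1:
                found[i] = g
                found[j] = g
    return found


def shared_factors(moduli: List[int]) -> Dict[int, int]:
    """Batch check using the product trick.

    With P = product of all moduli and Q_i = P / N_i (product of the others),
    P mod N_i^2 == N_i * (Q_i mod N_i), so (P mod N_i^2) // N_i == Q_i mod N_i
    and gcd(N_i, that) == gcd(N_i, Q_i). One big product plus one mod and one
    gcd per modulus replaces the n^2 pairwise GCDs.

    Returns {index: factor}. A factor equal to the modulus itself means the
    whole modulus appears more than once in the batch (or shares both primes
    with other entries), which is the worst case rather than a false alarm.
    """
    product = 1
    for n in moduli:
        product *= n
    found: Dict[int, int] = {}
    for i, n in enumerate(moduli):
        q_mod_n = (product % (n * n)) // n   # == (product of the others) mod n
        g = gcd(n, q_mod_n)
        if g > 1:
            found[i] = g
    return found


if __name__ == "__main__":
    hits = shared_factors(MODULI)
    for idx, factor in sorted(hits.items()):
        n = MODULI[idx]
        if factor == n:
            print(f"modulus {idx}: duplicated in batch")
        else:
            print(f"modulus {idx}: factored as {factor} * {n // factor}")
    print(f"{len(hits)} of {len(MODULI)} moduli compromised")
```

For a real audit the input is the set of moduli pulled from certificates or SSH host keys, and any hit means the affected private key is recoverable by anyone else holding the same batch of public keys, so the key must be replaced, not just the certificate.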