[cryptography] Duplicate primes in lots of RSA moduli

Marsh Ray marsh at extendedsubset.com
Wed Feb 22 19:37:15 EST 2012


On 02/22/2012 05:49 PM, Jeffrey Walton wrote:
> Remember, OpenSSL gave tacit approval: "If it helps with debugging,
> I'm in favor of removing them,"
> http://www.mail-archive.com/openssl-dev@openssl.org/msg21156.html.

The full quote from Ulf Möller is:

> Kurt Roeckx schrieb:
>> What I currently see as best option is to actually comment out
>> those 2 lines of code.  But I have no idea what effect this really
>> has on the RNG.  The only effect I see is that the pool might
>> receive less entropy.  But on the other hand, I'm not even sure
>> how much entropy some unitialised data has.
>
> Not much. If it helps with debugging, I'm in favor of removing them.
> (However the last time I checked, valgrind reported thousands of
> bogus error messages. Has that situation gotten better?)

What Ulf gave was his own weak conditional support based on the way Kurt 
posed the question, which implied that it was only entropy from 
uninitialized memory being added.

But did OpenSSL go ahead and remove them or express interest a patch? No.

Now that would certainly count as approval.

Personally, I think it's a brilliant example of engineering 
miscommunication. One of open source crypto's great teaching moments, 
akin to the civil engineer's KC Hyatt walkway collapse.
https://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse

Just look at this engineering diagram:
https://en.wikipedia.org/wiki/File:HRWalkway.svg

Could easily be a crypto system.

- Marsh

P.S. Sadly, in case anyone hadn't heard, Ulf Möller died last month.
> http://ulf-m.blogspot.com/2012/02/help-us-find-people-who-killed-ulf.html



More information about the cryptography mailing list