[cryptography] Duplicate primes in lots of RSA moduli

Jeffrey Walton noloader at gmail.com
Wed Feb 22 19:50:47 EST 2012


On Wed, Feb 22, 2012 at 7:37 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
> On 02/22/2012 05:49 PM, Jeffrey Walton wrote:
>>
>> Remember, OpenSSL gave tacit approval: "If it helps with debugging,
>> I'm in favor of removing them,"
>> http://www.mail-archive.com/openssl-dev@openssl.org/msg21156.html.
>
> The full quote from Ulf Möller is:
>
>> Kurt Roeckx schrieb:
>>>
>>> What I currently see as best option is to actually comment out
>>> those 2 lines of code.  But I have no idea what effect this really
>>> has on the RNG.  The only effect I see is that the pool might
>>> receive less entropy.  But on the other hand, I'm not even sure
>>> how much entropy some unitialised data has.
>>
>> Not much. If it helps with debugging, I'm in favor of removing them.
>> (However the last time I checked, valgrind reported thousands of
>> bogus error messages. Has that situation gotten better?)
>
> What Ulf gave was his own weak conditional support based on the way Kurt
> posed the question, which implied that it was only entropy from
> uninitialized memory being added.
I seem to recall Debian stating they interpreted the statement as an
OK (but I can't find a citation at the moment).

For what its worth, I could not tell if Möller was OK with removing
the statements for Debug only, or all versions (loosely, Debug and
Release). What was not very clear at all (to me): how removing the
statements was even helpful in debugging.

> But did OpenSSL go ahead and remove them or express interest a patch? No.
In this instance, I believe Debian made the changes then pushed the
patch upstream. Debian did not wait for OpenSSL action. Isn't that
fairly typical? I don't recall what happened afterwards (did OpenSSL
kick the patch?).

> Personally, I think it's a brilliant example of engineering
> miscommunication. One of open source crypto's great teaching moments, akin
> to the civil engineer's KC Hyatt walkway collapse.
> https://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse
Agreed.

> P.S. Sadly, in case anyone hadn't heard, Ulf Möller died last month.
>> http://ulf-m.blogspot.com/2012/02/help-us-find-people-who-killed-ulf.html
Very unfortunate. I hate to hear things like that (cryptograper or not).

Jeff



More information about the cryptography mailing list