[cryptography] Duplicate primes in lots of RSA moduli

James A. Donald jamesd at echeque.com
Wed Feb 22 20:22:02 EST 2012


On 2012-02-23 9:49 AM, Jeffrey Walton wrote:
> On Wed, Feb 22, 2012 at 2:53 AM, James A. Donald<jamesd at echeque.com>  wrote:
>> On 2012-02-22 12:31 PM, Kevin W. Wall wrote:
>>> 1) They think that key size is the paramount thing; the bigger the
>>> better.
>>> 2) They have no clue as to what cipher modes are. It's ECB by default.
>>> 3) More importantly, they don't know how to choose a cipher mode (not
>>>       surprising, given #2). They need to understand the trade-offs.
>>> 4) They have no idea about how to generate keys, derived keys, IVs,
>>> 5) They don't know what padding is, or when/why to use it.
>>> 6) They have a very naive concept of entropy...where/when to use it
>>>   and from where and how to obtain it.
>>
>> The debian debacle was none of the above - the patch was simply obviously
>> stupid even if one had no idea about what the software was supposed to be
>> doing.
> Remember, OpenSSL gave tacit approval: "If it helps with debugging,
> I'm in favor of removing them,"
> http://www.mail-archive.com/openssl-dev@openssl.org/msg21156.html.

OpenSSL approved removing uninitialized data as *one* of many sources of 
randomness.  They did not give approval to remove *all* sources of 
randomness.

The routine for stirring randomness into the entropy pool had all use of 
its input argument commented out, so that the routine did nothing - did 
nothing regardless of whether it was called with uninitialized data, or 
called with any other source of randomness.

Which was simply moronic.  You don't need to know anything about 
cryptography to figure out that disabling a widely used routine because 
valgrind complains about *two* uses of that routine is stupid.

The fact that this was done and passed code review discredits the debian 
organization.
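To make the failure mode concrete, here is an added illustration (not OpenSSL's or Debian's code, and not part of the original message): a toy entropy pool in C with a correct "stir input into the pool" routine beside a variant whose use of its input argument has been removed, in the manner the thread describes. The pool layout, the `mix64` diffusion step and the two seed strings are all constructed for the example. The `seeding_is_effective` check is the kind of regression test a maintainer would want in a test suite: it seeds two fresh pools with different material and fails if they emit identical output, which is exactly what a no-op stirring routine produces.

```c
/* Added illustration, not OpenSSL's code: a toy entropy pool showing why a
 * stirring routine that ignores its input makes every pool identical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_WORDS 4   /* 256-bit toy pool state (constructed for the example) */

typedef struct {
    uint64_t state[POOL_WORDS];
    uint64_t counter;
} toy_pool;

/* splitmix64-style mixer, used only for diffusion inside the toy pool */
static uint64_t mix64(uint64_t x) {
    x += 0x9E3779B97F4A7C15ULL;
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}

static void pool_init(toy_pool *p) { memset(p, 0, sizeof *p); }

/* Correct behaviour: every input byte is folded into the pool state. */
void pool_add_correct(toy_pool *p, const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        p->state[i % POOL_WORDS] ^= (uint64_t)buf[i] << (8 * (i % 8));
        p->state[i % POOL_WORDS] = mix64(p->state[i % POOL_WORDS]);
    }
    p->counter++;
}

/* The defect the thread describes: the routine is still called everywhere,
 * but its use of buf/len has been commented out, so the state never moves. */
void pool_add_noop(toy_pool *p, const unsigned char *buf, size_t len) {
    (void)buf; (void)len;   /* input ignored: the mixing line is gone */
    /* p->state[i % POOL_WORDS] ^= buf[i];   <- commented out */
    p->counter++;
}

/* Output: hash the state forward and emit 8 bytes per step. */
void pool_bytes(toy_pool *p, unsigned char *out, size_t n) {
    for (size_t i = 0; i < n; i += 8) {
        uint64_t v = mix64(p->state[0] ^ p->state[1] ^ p->state[2] ^
                           p->state[3] ^ p->counter);
        p->state[p->counter % POOL_WORDS] ^= v;
        p->counter++;
        for (size_t k = 0; k < 8 && i + k < n; k++)
            out[i + k] = (unsigned char)(v >> (8 * k));
    }
}

typedef void (*add_fn)(toy_pool *, const unsigned char *, size_t);

/* Regression check: two pools seeded with different material must not
 * produce identical output. Returns 1 if the add routine is effective. */
int seeding_is_effective(add_fn add) {
    toy_pool a, b;
    unsigned char out_a[32], out_b[32];
    const unsigned char seed_a[16] = "constructed-A";   /* sample seed */
    const unsigned char seed_b[16] = "constructed-B";   /* sample seed */
    pool_init(&a);
    pool_init(&b);
    add(&a, seed_a, sizeof seed_a);
    add(&b, seed_b, sizeof seed_b);
    pool_bytes(&a, out_a, sizeof out_a);
    pool_bytes(&b, out_b, sizeof out_b);
    return memcmp(out_a, out_b, sizeof out_a) != 0;
}

int main(void) {
    printf("correct add routine effective: %d\n",
           seeding_is_effective(pool_add_correct));
    printf("no-op add routine effective:   %d\n",
           seeding_is_effective(pool_add_noop));
    return 0;
}
```

The point of the check is that it does not depend on knowing what the seed material is or where it came from: any stirring routine that leaves two differently seeded pools in the same state has been disabled, whatever the reason given in the patch.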


