[cryptography] Duplicate primes in lots of RSA moduli
pgut001 at cs.auckland.ac.nz
Wed Feb 22 21:44:08 EST 2012
Marsh Ray <marsh at extendedsubset.com> writes:
>Obviously this story is made up and probably not even fully consistent. But
>having worked a little bit around hardware engineers it seems to me like a
>very plausible scenario, if not typical.
It's actually pretty spot-on until about the "I notice the TI CC2530 uses a
LFSR" bit, which I think would be going a bit far for many hardware engineers.
These are guys who pride themselves on being able to construct a working PWM
from toothpicks, a case of 3/18" boxcar prawns, and cannibalised parts from a
Speak-n-Spell. A zener and a Schmitt trigger will do fine, or clock drift
between something and something else. It shouldn't take more than ten minutes
to solve, and then we can get back to solving real problems like those odd
noise spikes in the sensor input.
(I don't mean that in any kind of negative way; an embedded systems engineer
would - or at least should - be very good at getting hardware working under
adverse conditions, but shouldn't be expected to be a security geek).
>if *I* had been in that product design meeting, what could I have said to
>convey the real issue in concrete terms that would have focused the attention
>where it needed to be in order to avoid the mass vulnerability.
I've been involved in situations like this, and once you get over a very, very
small threshold "just make it go" overrides everything else. In the end the
quality of the RNG often comes down to how much time and effort the individual
tasked with doing whatever part of the system it's associated with decides to
invest in it. I've seen the bare minimum, I've seen pretty good (if somewhat
uninformed) attempts, I've seen people distract themselves for three weeks
with Diehard and then cobble something together at the last minute; it
usually ends up coming down to what one individual feels like doing.