[cryptography] Duplicate primes in lots of RSA moduli

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Feb 22 21:44:08 EST 2012

Marsh Ray <marsh at extendedsubset.com> writes:

>Obviously this story is made up and probably not even fully consistent. But 
>having worked a little bit around hardware engineers it seems to me like a 
>very plausible scenario, if not typical.

It's actually pretty spot-on until about the "I notice the TI CC2530 uses an 
LFSR" bit, which I think would be going a bit far for many hardware engineers. 
These are guys who pride themselves on being able to construct a working PWM 
from toothpicks, a case of 3/18" boxcar prawns, and cannibalised parts from a 
Speak-n-Spell. A zener and a Schmitt trigger will do fine, or clock drift 
between something and something else. It shouldn't take more than ten minutes 
to solve, and then we can get back to solving real problems like those odd 
noise spikes in the sensor input.

(I don't mean that in any kind of negative way; an embedded systems engineer 
would - or at least should - be very good at getting hardware working under 
adverse conditions, but shouldn't be expected to be a security geek).

>if *I* had been in that product design meeting, what could I have said to 
>convey the real issue in concrete terms that would have focused the attention 
>where it needed to be in order to avoid the mass vulnerability.

I've been involved in situations like this, and once you get over a very, very 
small threshold, "just make it go" overrides everything else. In the end the 
quality of the RNG often comes down to how much time and effort the individual 
tasked with doing whatever part of the system it's associated with decides to 
invest in it. I've seen the bare minimum, I've seen pretty good (if somewhat 
uninformed) attempts, I've seen people distract themselves for three weeks 
with Diehard and then cobble something together at the last minute; it 
usually ends up coming down to what one individual feels like doing.
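The thread's subject is the practical consequence of the RNG situation described above: devices that seed poorly end up drawing the same prime, so pairs of unrelated RSA moduli share a factor, and anyone holding a corpus of public keys can factor both with a GCD. The following is an added example, not code from this mailing-list post or from any product it discusses, showing the check a defender would run over their own fleet's keys: the batch GCD (product-tree / remainder-tree) construction, which finds every modulus sharing a factor with any other in quasi-linear time rather than by comparing all pairs. The moduli, primes and function names are constructed for illustration (tiny primes so it runs instantly); real moduli are 2048-bit integers parsed from certificates.

```python
from math import gcd

# Constructed sample moduli (tiny primes so the example runs instantly).
# Two of them share the prime 61, which is exactly the failure a weak RNG
# produces at scale: independent devices drawing the same p.
SAMPLE_MODULI = [
    61 * 53,   # 3233  shares p = 61 with the next modulus
    61 * 71,   # 4331
    59 * 67,   # 3953  unrelated
    73 * 79,   # 5767  unrelated
]


def product_tree(moduli):
    """Return the levels of a product tree: leaves first, root last."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = []
        for i in range(0, len(cur), 2):
            # an odd node at the end is carried up unchanged
            nxt.append(cur[i] * cur[i + 1] if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels


def batch_gcd(moduli):
    """gcd(N_i, product of all other N_j) for every i, in quasi-linear time.

    Walk down from the root keeping (parent remainder) mod (node^2); at each
    leaf, (P mod N^2) // N equals (P / N) mod N, so gcd(N, that) == gcd(N, P / N).
    """
    if not moduli:
        return []
    levels = product_tree(moduli)
    rems = [levels[-1][0]]                       # root: the full product P
    for level in reversed(levels[:-1]):
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]


def find_shared_factors(moduli):
    """Map index -> non-trivial common factor for every modulus that has one.

    A result equal to the modulus itself means an exact duplicate key.
    """
    return {i: g for i, g in enumerate(batch_gcd(moduli)) if g != 1}


def recover_factors(n, shared):
    """Given a modulus and a known factor, return (p, q) in ascending order."""
    assert n % shared == 0 and 1 < shared < n
    p, q = shared, n // shared
    return (p, q) if p < q else (q, p)


def pairwise_check(moduli):
    """Quadratic cross-check, used here only to validate batch_gcd on small input."""
    out = {}
    for i, a in enumerate(moduli):
        for j, b in enumerate(moduli):
            if i != j and gcd(a, b) != 1:
                out[i] = gcd(a, b)
    return out


if __name__ == "__main__":
    hits = find_shared_factors(SAMPLE_MODULI)
    for i, g in hits.items():
        print(f"modulus #{i} = {SAMPLE_MODULI[i]} shares factor {g}: "
              f"p, q = {recover_factors(SAMPLE_MODULI[i], g)}")
```

On the sample set the two moduli built from p = 61 are flagged and factored; the other two report a GCD of 1. The remainder-tree step is what makes this usable on millions of keys: the root product is computed once, and each level only reduces modulo the square of the node below it, so no modulus is ever multiplied or reduced against every other one individually. Any key this check flags in a real corpus should be treated as compromised and rotated, and the device or build that generated it investigated for its entropy source.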