[cryptography] Duplicate primes in lots of RSA moduli

Michael Nelson nelson_mikel at yahoo.com
Thu Feb 23 18:00:56 EST 2012


Ondrej Mikle wrote:

> I took some first 80 results from crunching the moduli
> and mapped them back to certificates. In EFF's SSL
> Observatory there were 3912
unique certs sharing those
> factorized moduli (all embedded devices), couple
extra
> in other DBs.

Could you tell us a couple of things about those certs?  I have created plenty of test CAs on my desktop and issued all sorts of test certs and used them on test servers.  None of them would have shared primes presumably, because my code (much of it OpenSSL) has very fussy seeding and checks, but it would not matter at all if they did -- it's just for testing.  I would be interested to know: 

1. Were the CAs serious CAs, or just test CAs?  Can you tell?

2. Were the certs in front of things that really needed protecting?

Mike N



More information about the cryptography mailing list