[cryptography] Duplicate primes in lots of RSA moduli

Ondrej Mikle ondrej.mikle at nic.cz
Thu Feb 23 18:58:34 EST 2012

On 02/24/2012 12:00 AM, Michael Nelson wrote:
> Ondrej Mikle wrote:
>> I took some first 80 results from crunching the moduli
>> and mapped them back to certificates. In EFF's SSL
>> Observatory there were 3912
> unique certs sharing those
>> factorized moduli (all embedded devices), couple
> extra
>> in other DBs.
> Could you tell us a couple of things about those certs?  I have created plenty of test CAs on my desktop and issued all sorts of test certs and used them on test servers.  None of them would have shared primes presumably, because my code (much of it OpenSSL) has very fussy seeding and checks, but it would not matter at all if they did -- it's just for testing.  I would be interested to know: 
> 1. Were the CAs serious CAs, or just test CAs?  Can you tell?

All the certs found so far were self-signed. Presumably the ones autogenerated
after first boot.

> 2. Were the certs in front of things that really needed protecting?

Possibly (judging by a few reverse IP records). Majority of those 3912 certs
point to one specific product with VPN/IPSec capabilities targeted at SOHO users
(a glorified router).


More information about the cryptography mailing list