[Cryptography] 1023 nails in the coffin of 1024 RSA...

ianG iang at iang.org
Sat Oct 4 15:08:42 EDT 2014

(some skepticism about whether this there is really a break in OpenSSL,
but the rumour mill will no doubt throw mud on the 1024 bit part as well...)

OpenSSL bug allows RSA 1024 key factorization in 20 minutes



So just a few minutes ago has finished a talk at Navaja Negra 2014, the
third? most important security congress in Spain, where the speaker (a
member of the organization) claimed to have found a bug in OpenSSL RSA
key generation, which he is able to exploit to factorize N into p and q
in around 20 minutes (on a laptop). He did a live demo. I wasn't there,
but some friends were.

He claimed:

    The bug originates in this lines of rsa_gen.c:

    117 bitsp=(bits+1)/2;
    118 bitsq=bits-bitsp;

    the main problem being that the rounding of 1025 isn't downwards but
upwards, resulting in bitsp= 513 and bitsq=511, which, supposedly, later
on the code and due to compiler optimizations, causes the bug.

    It affects all versions of OpenSSL.

    He is neither going to report it to the developers, nor publish

I personally think he's full of shit, but the fact that he's a member of
the organization and thus not only his personal prestige but also the
organization's is at stake, makes you wonder. Anyhow, we'll see.

I posted it yesterday to netsec but the mods removed it. Let's discuss
it here!

Edit 1: so my friends talked to him today, and he's serious about it. He
says he's broken 1024 keys on Amazon clusters in 18 seconds.

Edit 2: he claims some guy from Argentina found the same thing 6 years
ago, and has been trying to show it on cons since then, but no con
accepted his talk because they wouldn't believe him.

Edit 3: he also says the attack consists in trying "probable primes",
whose probability is generated by said bug. Might it be some variation
on Fermat's attack?

More information about the cryptography mailing list