[Cryptography] 1023 nails in the coffin of 1024 RSA...
bascule at gmail.com
Sat Oct 4 16:14:24 EDT 2014
Using 1024-bit keys is silly, but PoC||GTFO
On Sat, Oct 4, 2014 at 12:08 PM, ianG <iang at iang.org> wrote:
> (some skepticism about whether this there is really a break in OpenSSL,
> but the rumour mill will no doubt throw mud on the 1024 bit part as
> OpenSSL bug allows RSA 1024 key factorization in 20 minutes
> So just a few minutes ago has finished a talk at Navaja Negra 2014, the
> third? most important security congress in Spain, where the speaker (a
> member of the organization) claimed to have found a bug in OpenSSL RSA
> key generation, which he is able to exploit to factorize N into p and q
> in around 20 minutes (on a laptop). He did a live demo. I wasn't there,
> but some friends were.
> He claimed:
> The bug originates in this lines of rsa_gen.c:
> 117 bitsp=(bits+1)/2;
> 118 bitsq=bits-bitsp;
> the main problem being that the rounding of 1025 isn't downwards but
> upwards, resulting in bitsp= 513 and bitsq=511, which, supposedly, later
> on the code and due to compiler optimizations, causes the bug.
> It affects all versions of OpenSSL.
> He is neither going to report it to the developers, nor publish
> I personally think he's full of shit, but the fact that he's a member of
> the organization and thus not only his personal prestige but also the
> organization's is at stake, makes you wonder. Anyhow, we'll see.
> I posted it yesterday to netsec but the mods removed it. Let's discuss
> it here!
> Edit 1: so my friends talked to him today, and he's serious about it. He
> says he's broken 1024 keys on Amazon clusters in 18 seconds.
> Edit 2: he claims some guy from Argentina found the same thing 6 years
> ago, and has been trying to show it on cons since then, but no con
> accepted his talk because they wouldn't believe him.
> Edit 3: he also says the attack consists in trying "probable primes",
> whose probability is generated by said bug. Might it be some variation
> on Fermat's attack?
> The cryptography mailing list
> cryptography at metzdowd.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography