[Cryptography] Norbert Tihanyi: How to Backdoor OpenSSL's key generation
Henry Baker
hbaker1 at pipeline.com
Tue Jan 12 10:13:34 EST 2016
FYI -- In case you weren't paranoid enough, already...
Generate 2048-bit primes p, s.t. p-1 has only small factors.
Factorized by Pollard in a few minutes on a laptop. Bzzzzt!!!
Get Comodo to issue you a (really weak) certificate. Double Bzzzzt !!!
Qualsys SSL Labs gives it an A+ rating.
Norbert Tihanyi Modification of the prime generation method of the OpenSSL library
Published on Dec 21, 2015
https://www.hacktivity.com
Random numbers are very important in many fields of computer science, especially in cryptography. One of the most important usages of pseudorandom number generators (PRNG) are is key generation methods for cryptographic purposes. In this presentation a modification of the prime generation method of the OpenSSL library will be presented. The modified version of the library passes every well-known statistical tests (e.g NIST test, DIEHARD test), however while an adversary is still able to reconstruct the prime numbers (P,Q) from the public key. The method can be used for malicious purposes as a sophisticated backdoor.
The presented research is based on the theory of kleptography and a recently published research paper.
https://www.youtube.com/watch?v=s2pglUN45rM
More information about the cryptography
mailing list