[Cryptography] "NSA could put undetectable “trapdoors” in millions of crypto keys"

Tom Mitchell mitch at niftyegg.com
Tue Oct 11 17:50:43 EDT 2016


On Tue, Oct 11, 2016 at 12:24 PM, Ray Dillinger <bear at sonic.net> wrote:
>
> On 10/11/2016 08:56 AM, Jerry Leichter wrote:
>
> > Basically the researchers describe a way to generate primes for which
> > number sieve is much easier if you know the secret

.....

> So there is now a potentially very large undetectable class of
> weak keys.
>
> I suppose the prudent thing to do would be to behave as if there
> has been a breakthrough in factoring such that primes now require
> about twice as many bits

Yes, it seems prudent to behave as if there has been a breakthrough.
But that begs the question of what specific actions are prudent.

First, it seems prudent to replace the tools that generate these fragile
primes.

Perhaps it is the tests of primality in the tools that are allowing a
predictable set of keys. Or perhaps they are allowing some composite
numbers that look prime to be used.

"The researchers were able to break one of these weakened 1,024-bit primes
in slightly more than two months using an academic computing cluster of
2,000 to 3,000 CPUs."

The apparent issue that I smell is that there is a more bounded set of
primes being generated than expected, and that bounded set of generated
primes allows a lookup table to operate in a parallel attack.

Compromised systems now used by criminals have vastly more power than
academic clusters so I smell a need for multiple "security" agencies to
worry around the globe. The big providers and the fortune 5000 need to
craft a plan...

The big folk like Google and Amazon have the resources to play this game
and test their own keys.

Interesting....

-- 
  T o m    M i t c h e l l
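As an added example (not part of the thread or of any tool it names), here is a Python check in the spirit of Tom's suggestion that big providers test their own keys: a strong probable-prime test that draws its bases at random instead of using one fixed base, with 2047 = 23 * 89 as a constructed case that passes the base-2 test yet is composite. The function names and the 2048-bit threshold (Ray's "twice as many bits" applied to the 1,024-bit primes in the quoted article) are assumptions of this example.

```python
import secrets

def miller_rabin_witness(n: int, a: int) -> bool:
    """Return True if base a proves n composite (a is a witness for n),
    False if n is a strong probable prime to base a."""
    if n < 2 or n % 2 == 0:
        return n != 2
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 as 2^r * d with d odd
        d //= 2
        r += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return False
    for _ in range(r - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False
    return True

def is_probable_prime(n: int, rounds: int = 64) -> bool:
    """Strong probable-prime test with uniformly random bases in [2, n-2].
    A composite that fools one fixed base (see 2047 below) will not fool
    64 independent random bases except with negligible probability."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n == p:
            return True
        if n % p == 0:
            return False
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        if miller_rabin_witness(n, a):
            return False
    return True

def audit_prime(p: int, min_bits: int = 2048) -> list:
    """Findings for a modulus taken from a key or DH group (assumed
    threshold: twice the 1,024 bits of the broken primes)."""
    findings = []
    if not is_probable_prime(p):
        findings.append("not_prime")
    if p.bit_length() < min_bits:
        findings.append("too_short")
    return findings

# Constructed example: composite, but a strong pseudoprime to base 2.
PSEUDOPRIME_BASE_2 = 2047  # 23 * 89
```

This only confirms that a modulus is prime and long enough; it cannot recognise a specially constructed prime of the kind the article calls undetectable.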