Abstract
It is common knowledge that RSA can fail when used with weak random number generators. In this paper we present two algorithms that we used to find vulnerable public keys together with a simple procedure for recovering the private key from a broken public key. Our study focused on finding RSA keys with 512 and 1024 bit length, which are not considered safe, and finding a GCD is relatively fast. One database that we used in our study is made from 42 million public keys discovered when scanning TCP port 443 for raw X.509 certificates, between June 6, 2012 and August 4, 2013. Another database used in the study was made by crawling Github and retrieving the keys used by users to authenticate themselves when pushing to repositories they contribute to. We show that the percentage of broken keys with 512 bits is 3.7 %, while the percentage of broken keys with 1024 bits is 0.05 %. The smaller value is due to the fact that factorization of large numbers includes new prime numbers, unused in the small keys.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cox, B.: Auditing Github Users’ SSH Key Quality. https://blog.benjojo.co.uk/post/auditing-github-users-keys
Cryptosense - Batch-GCDing Github SSH Keys. https://cryptosense.com/batch-gcding-github-ssh-keys/
Bernstein, D.J., Heninger, N., Lange, T.: FACTHACKS - RSA Factorization in the Real World. http://facthacks.cr.yp.to/batchgcd.html
Database with Ransomware Public Keys (from the author of the virus). https://archive.org/download/locker-ransomware-database-dump
Eckersley, P., Burns, J.: An observatory for the SSLiverse. Talk at Defcon 18 (2010). https://www.eff.org/files/DefconSSLiverse.pdf
GMP Library. https://gmplib.org/. Accessed 11 June 2015
Savage, K., Coogan, P., Lau, H.: The evolution of ransomware. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-evolution-of-ransomware.pdf
Bello, L.: Bug DSA-1571-1 OpenSSL Predictable Random Number Generator. http://www.debian.org/security/2008/dsa-1571
Sjouwerman, S.: Is Your Network Infected with Sleeper Ransomware? https://blog.knowbe4.com/is-your-network-infected-with-sleeper-ransomware
Total Number of Github User Accounts. http://tech.pranjalmittal.in/blog/2015/01/10/github-api-calculating-total-users-on-github/
Durumeric, Z.: Certificate Parsing with OpenSSL and C. https://zakird.com/2013/10/13/certificate-parsing-with-openssl/
Zimmerman, P., et al.: GMP-ECM (Elliptic Curve Method for Integer Factorization). https://gforge.inria.fr/projects/ecm/
Bernstein, D.J., Chang, Y.-A., Cheng, C.-M., Chou, L.-P., Heninger, N., Lange, T., van Someren, N.: Factoring RSA keys from certified smart cards: Coppersmith in the wild. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 341–360. Springer, Heidelberg (2013). http://dx.doi.org/10.1007/978-3-642-42045-0_18
Cavallar, S., et al.: Factorization of a 512-bit RSA modulus. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 1–18. Springer, Heidelberg (2000). http://dl.acm.org/citation.cfm?id=1756169.1756171
Dorrendorf, L., Gutterman, Z., Pinkas, B.: Cryptanalysis of the windows random number generator. In: Proceedings of 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 476–485. ACM, New York (2007). http://doi.acm.org/10.1145/1315245.1315304
Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the HTTPS certificate ecosystem. In: Proceedings of 13th Internet Measurement Conference, October 2013
Gutmann, P.: Software generation of practically strong random numbers. In: Proceedings of 7th USENIX Security Symposium, San Antonio, Texas, 26–29 January 1998. USENIX, New York (1998)
Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: detection of widespread weak keys in network devices. In: Proceedings of 21st USENIX Security Symposium, August 2012
Kleinjung, T., et al.: Factorization of a 768-Bit RSA modulus. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg (2010). http://dl.acm.org/citation.cfm?id=1881412.1881436
Lenstra, A.K., Hughes, J.P., Augier, M., Kleinjung, T., Wachter, C.: Ron was wrong, Whit is right. Technical report (2012)
Acknowledgments
This work partially supported by the Romanian National Authority for Scientific Research (CNCSUEFISCDI) under the project PN-II-PT-PCCA-2013-4-1651.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Barbulescu, M., Stratulat, A., Traista-Popescu, V., Simion, E. (2016). RSA Weak Public Keys Available on the Internet. In: Bica, I., Reyhanitabar, R. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2016. Lecture Notes in Computer Science(), vol 10006. Springer, Cham. https://doi.org/10.1007/978-3-319-47238-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-47238-6_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47237-9
Online ISBN: 978-3-319-47238-6
eBook Packages: Computer ScienceComputer Science (R0)