On 03/22/2013 02:47 PM, Christian Huitema wrote: > Pick two prime numbers from the catalog > Multiply the two numbers to get a candidate RSA key > Check whether the resulting pattern matches the 48 bits in the IID
I think you can be quicker than that. Generating primes is easy and starts from a random number. Picking two random numbers so their product matches a bit pattern is easy. So long as the bits you want from the RSA modulus aren't the least significant bits then you'll win the game easily given the actual distribution of primes. I've only briefly scanned the draft but it does seem to be vulnerable in this way. So I basically agree this approach seems fairly trivially broken and that that's been sufficiently demonstrated on this list that further discussion really ought wait for an updated I-D. S. -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------