On Sat, Feb 18, 2012 at 5:37 PM, Kurt Roeckx <[email protected]> wrote: > On Sat, Feb 18, 2012 at 05:28:41PM +0100, Stanislav Meduna wrote: >> On 18.02.2012 17:02, Edward Ned Harvey wrote: >> >> > So these studies went out and scoured the internet, collecting public keys >> > from every service they could find, which amounts to something like 1-2 >> > million servers, and they scanned them all for identical keys and/or shared >> > factors. They found approx 1 in every 250 internet-facing servers >> > "randomly" chose the same keys or key factors, thus completely broken >> > cryptography, and the owners are unaware because they thought they chose >> > random keys. >> >> Any link to the studies? - I was not able to find anything relevant. > > I believe he's talking about: > http://eprint.iacr.org/2012/064 > > Which at least the following people talking about it: > http://dankaminsky.com/2012/02/14/ronwhit/ > https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs
To be fair, the second link isn't really talking about it, it is independent (and, IMO, rather better) research. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
