P.S. Problem still exists in Version 0.9.8zh.
Regards, Felix Am 21.12.2015 12:00, schrieb Felix: > Hello, > > I found out, that in openssl 0.9.8 a check is missing for duplicate > primes of p and q, see below. This is relevant when generating RSA-Keys: > > > root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl > genrsa 128 > Generating RSA private key, 128 bit long modulus > .......+++++++++++++++++++++++++++ > .+++++++++++++++++++++++++++ > e is 65537 (0x10001) > p:DBF7DA8B44ADCDD1 Phase 1 q:DBF7DA8B44ADCDD1 -----BEGIN RSA PRIVATE > KEY----- > MGICAQACEQC+ePfpNx2CzoNDm/Aejm7HAgMBAAECEF/t7vYfUxaga1+R+6EPYiEC > CQDdrD6E0hkhFwIJANv32otErc3RAgkAz2HVG21zFQECCEW9PRKugZQhAgg9HQ6/ > Pr0Uvg== > -----END RSA PRIVATE KEY----- > root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl > genrsa 128 > Generating RSA private key, 128 bit long modulus > .+++++++++++++++++++++++++++ > .+++++++++++++++++++++++++++ > e is 65537 (0x10001) > p:DC32B965793AF86F Phase 1 q:C6F919F7AAA5EC71 -----BEGIN RSA PRIVATE > KEY----- > MGUCAQACEQCrJX8Qy0q3bw5VN6G1mPz/AgMBAAECEQCbPCOI5BwdTE4K+TuIwOaB > AgkA3DK5ZXk6+G8CCQDG+Rn3qqXscQIJAKbu/YZkRcSZAgkAnE+DS+K+uLECCQCu > HHeujcFd/Q== > -----END RSA PRIVATE KEY----- > root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl > genrsa 128 > Generating RSA private key, 128 bit long modulus > .........+++++++++++++++++++++++++++ > ...+++++++++++++++++++++++++++ > e is 65537 (0x10001) > p:EFAB9BC12A217257 Phase 1 q:C4B0A783D183DA55 -----BEGIN RSA PRIVATE > KEY----- > MGMCAQACEQC4JMYPVKDUPrZfVf8B/gzjAgMBAAECEQCd8r0IbVi+c84EAM4bn4jR > AgkA76ubwSohclcCCQDEsKeD0YPaVQIIaHDg8+E3KAsCCELVeAZdof0FAgkAyqHj > yqUIUes= > -----END RSA PRIVATE KEY----- > root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl > genrsa 128 > Generating RSA private key, 128 bit long modulus > ..+++++++++++++++++++++++++++ > .+++++++++++++++++++++++++++ > e is 65537 (0x10001) > p:CA1A6069FBCE0E6B Phase 1 q:CA1A6069FBCE0E6B -----BEGIN RSA PRIVATE > KEY----- > MGUCAQACEQDIjp/x7uVVrCNdf9Y1SpStAgMBAAECEQCyNiIkPe7lN1KFh4ubrk8V > AgkA/gq1dP5Y/0cCCQDKGmBp+84OawIJALlWjL4XFkzfAgkArBEa5wD4pXMCCQDW > mLQFBXBWbw== > -----END RSA PRIVATE KEY----- > root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl > genrsa 128 > Generating RSA private key, 128 bit long modulus > ...+++++++++++++++++++++++++++ > .+++++++++++++++++++++++++++ > e is 65537 (0x10001) > p:F4D74AA8BE84C4A3 Phase 1 q:D83D57FC191345D1 -----BEGIN RSA PRIVATE > KEY----- > MGICAQACEQDO0FJxcT23cfxgf5/WfXgTAgMBAAECECNo7cS4o92FmsN9eYgtFiEC > CQD010qovoTEowIJANg9V/wZE0XRAghhDEkqk8HakwIJAKFKKD12qqRxAggvO+Uz > yUnU6g== > -----END RSA PRIVATE KEY----- > root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# > > > As, in my environment, p qnd q are identical in about 50% of the > cases, this is in my opinion a big security hole, because p and q can > be determined from N by calculating the square-root of N. > > I will try to test this with a newer release of openssl as well. > > Thank you. > > Regards, > > Felix _______________________________________________ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev