Skip to main content

Crypto experts analyze millions of X.509 certificates, call RSA crypto flawed

posted onFebruary 15, 2012
by l33tdawg

Cryptography researchers collected millions of X.509 public-key certificates that are publicly available over the web and found what they say is a shockingly high frequency of duplicate RSA-moduli keys.

"We performed a sanity check of public keys collected on the web,” the researchers state in their paper, published today and titled "Ron was wrong, Whit is right." The researchers, who include Arjen Lenstra, James Hughes, Maxime Augier, Joppe Bos, Thorsten Kleinjung and Christophe Wachter, note in the paper that they found a shockingly high number of duplicate secret keys in what is supposed to be unique random-number generation in RSA-based moduli.

The researchers said in an examination of 6.4 million distinct X.509 certificates and PGP keys containing RSA moduli, 71,052 (1%) occur more than once, some of them thousands of times. "Overall, over the data we collected, 1024-bit RSA provides 99.8% security at best," the paper states.



Encryption RSA

You May Also Like

Recent News

Tuesday, March 20th

Monday, March 19th

Friday, March 16th

Thursday, March 15th

Wednesday, March 14th

Tuesday, March 13th