
Fast algorithm for finding RSA keys with shared prime factors - robinhouston
http://11011110.livejournal.com/241173.html
======
willvarfar
current guessing is bad PRNG seeds
[https://plus.google.com/114134834346472219368/posts/TKQUf47p...](https://plus.google.com/114134834346472219368/posts/TKQUf47pxaa)

~~~
gcp
Isn't the software that generated the key derivable from the key itself? Even
if it doesn't tag the key explicitly, there's probably a fingerprint in the
default allowed algorithms etc.

If it's a fixed vulnerability, the keys would belong to a certain date range
etc.

Will be interesting to see what turns up.

~~~
tonfa
This paper points to OpenSSL with low entropy RNG being the culprit:
[https://freedom-to-tinker.com/blog/nadiah/new-research-
there...](https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-
need-panic-over-factorable-keys-just-mind-your-ps-and-qs)

