
Practical Factorization of Widely Used RSA Moduli [pdf] - programd
https://acmccs.github.io/papers/p1631-nemecA.pdf
======
programd
If I read this correctly then apparently several million hardware encryption
devices - including Yubikeys - have weak RSA keys which can be factored in a
reasonable amount of time for a few tens of thousands of dollars worth of
cloud computing power.

The Summary of results section has the really fun stuff, including vulnerable
Yubikey 4, vulnerable TPM chips in laptops, vulnerable Git keys for "crucial
open source repositories", vulnerable Estonian eIDs, and that favorite of
intelligence agencies everywhere, vulnerable SCADA systems.

