
Crypto shocker: four of every 1,000 public keys provide no security - mcobrien
http://arstechnica.com/business/news/2012/02/crypto-shocker-four-of-every-1000-public-keys-provide-no-security.ars
======
DanBC
(<http://news.ycombinator.com/item?id=3591429>)

(<http://news.ycombinator.com/item?id=3591386>)

------
cstuder
Please note that there is another article here which provides some more
information and another choice of words:
<http://news.ycombinator.com/item?id=3593653>

------
michael_dorfman
Wow, what a terrible headline. Even by the usual linkbait standards, this is
egregious.

~~~
gjm11
It's not that bad.

"_Crypto shocker_": well, yes, it is shocking and it is about crypto.

"_four of every 1,000_": 27,000 out of 7.1 million from the researchers'
current collection. (Most of the paper is based on an older version of their
collection, for which the figure is more like 2.7 out of every 1,000.)

"_public keys_": this is the least accurate bit; it applies only to RSA
keys, not to all public keys. That's pretty bad -- though, according to the
paper, somewhat over half of the public keys in their sample are in fact RSA
rather than ElGamal or DSA or anything else.

"_provide no security_": the paper says "... that offer no security".
Perhaps "no security" is slightly overstated -- the keys are vulnerable only
to attackers who can be bothered to do much the same work as these researchers
did -- but they make it clear that doing that work is far from being rocket
science, and that there are "people who know how to do the computation
quickly".

What about this justifies saying that "even by the usual linkbait standards,
this is egregious"?

------
willvarfar
<http://news.ycombinator.com/item?id=3593709> is more coverage here on HN

