
One in every 172 active RSA certificates are vulnerable to attack - LinuxBender
https://www.zdnet.com/article/1-in-every-172-active-rsa-certificates-are-vulnerable-to-exploit/
======
bgrainger
This attack has been known for at least seven years:
[https://eprint.iacr.org/2012/064.pdf](https://eprint.iacr.org/2012/064.pdf)
(discussion:
[https://news.ycombinator.com/item?id=3591429](https://news.ycombinator.com/item?id=3591429)).

Back then, "two out of every one thousand RSA moduli that we collected offer
no security".

~~~
kwantam
Indeed! Another publication on this topic from that time:

[https://www.usenix.org/conference/usenixsecurity12/technical...](https://www.usenix.org/conference/usenixsecurity12/technical-
sessions/presentation/heninger)

and commentary on the paper from a few years later

[https://blog.acolyer.org/2015/09/16/mining-your-ps-and-qs-
de...](https://blog.acolyer.org/2015/09/16/mining-your-ps-and-qs-detection-of-
widespread-weak-keys-in-network-devices/)

ah, and a blog post from Nadia Heninger (one of the authors) prior to
publication

[https://freedom-to-tinker.com/2012/02/15/new-research-
theres...](https://freedom-to-tinker.com/2012/02/15/new-research-theres-no-
need-panic-over-factorable-keys-just-mind-your-ps-and-qs/)

------
Someone1234
Just to nip this in the bud a little:

> In comparison, only five in 100 million certificates from Certificate
> Transparency (CT) logs share the same prime factors.

This isn't about public website's certificates. Near none are vulnerable.

This is supposedly about "power-restricted devices that can only manage low
rates of entropy due to design constraints" (e.g. IoT devices). But since
there's no clarity in this article where the authors got their "75 million
active RSA keys," specifically which IoT devices or even class of devices, it
is difficult to contextualize.

So feel free to discuss, but we don't really know exactly what we're
discussing yet.

