oss-sec mailing list archives
Re: broken RSA keys
From: Ben Laurie <benl () google com>
Date: Wed, 11 May 2016 17:18:46 +0100
On 5 May 2016 at 10:23, Hanno Böck <hanno () hboeck de> wrote:
> As a background: What we're talking about is a so-called batch-gcd attack, developed by DJB. Arjen Lenstra and Nadia Heninger were as far as I know the first ones to use this on publicly available keysets in order to find vulnerable keys.
FWIW, it was actually me and Mathias Bauer in 2004 (which may also pre-date DJB's development, I don't know - certainly we didn't get the idea from him, it was Mathias'). We looked at the PGP keyserver data, but we didn't find anything very interesting, which is probably why most people don't know it. To be entirely fair, we did pairwise GCDs, which comes to the same thing, but less efficiently...
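The remark above that pairwise GCDs come to the same thing as batch GCD, only less efficiently, can be checked on a small key inventory. This is an added example, not code from the thread or its participants; the function names and the tiny moduli are constructed for illustration, and the moduli are assumed to be products of distinct primes.

```python
from math import gcd, prod

# Constructed toy "RSA moduli"; indices 0 and 2 share the prime 101.
MODULI = [101 * 103, 107 * 109, 101 * 113, 127 * 131, 137 * 139]

def pairwise_shared(moduli):
    """O(n^2) audit: gcd of every pair, merged per modulus with an lcm."""
    hits = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = gcd(moduli[i], moduli[j])
            if g > 1:
                for k in (i, j):
                    prev = hits.get(k, 1)
                    hits[k] = prev * g // gcd(prev, g)
    return hits

def product_tree(moduli):
    """Leaves are the moduli; each higher level multiplies neighbours."""
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[k:k + 2]) for k in range(0, len(level), 2)])
    return tree

def batch_shared(moduli):
    """Batch GCD: one product tree plus one remainder tree.

    For every modulus N this yields gcd(N, product of all other moduli)
    without touching each pair individually.
    """
    tree = product_tree(moduli)
    rems = tree.pop()                      # root: the full product P
    while tree:
        level = tree.pop()
        # Push P mod n^2 down from each parent to its children.
        rems = [rems[k // 2] % (n * n) for k, n in enumerate(level)]
    out = {}
    for i, (n, r) in enumerate(zip(moduli, rems)):
        g = gcd(n, r // n)                 # r // n == (P / n) mod n
        if g > 1:
            out[i] = g
    return out

if __name__ == "__main__":
    print("pairwise:", pairwise_shared(MODULI))
    print("batch:   ", batch_shared(MODULI))
```

When a modulus shares both of its primes with other keys, both functions report the modulus itself rather than a single prime, so a flagged entry may need a follow-up pairwise check to split it.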