pgp – Noise https://noise.getoto.net The collective thoughts of the interwebz Wed, 16 Mar 2022 16:35:57 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.2 Breaking RSA through Insufficiently Random Primes https://noise.getoto.net/2022/03/16/breaking-rsa-through-insufficiently-random-primes/ Wed, 16 Mar 2022 16:35:57 +0000 https://www.schneier.com/?p=65230 Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery.

There aren’t many weak keys out there, but there are some:

So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys are from printers from two manufacturers, Canon and Fujifilm (originally branded as Fuji Xerox). Printer users can use the keys to generate a Certificate Signing Request. The creation date for the all the weak keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351...

]]>