Date: Thu, 5 May 2016 13:03:36 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: broken RSA keys

On Thu, 5 May 2016 13:34:05 +0300
Solar Designer <solar@...nwall.com> wrote:

> On Wed, May 04, 2016 at 09:18:26PM -0400, Stanislav Datskovskiy wrote:
> > older versions of GPG
> > will regard the bottom 32 bits of a modulus as the 'fingerprint',
> > rather than performing a hash.  
> 
> Are you sure? 

https://tools.ietf.org/html/rfc4880

"V3 keys are deprecated.  They contain three weaknesses.  First, it is
relatively easy to construct a V3 key that has the same Key ID as any
other key because the Key ID is simply the low 64 bits of the public
modulus."

I had forgotten about that, but it probably also explains the two
pre-2000 keys with small factors I found.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
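
The Key ID derivation in the RFC 4880 passage quoted above, as an added example that is not part of the original message: it computes V3 and V4 Key IDs for RSA public keys and reports any Key ID claimed by more than one key in a list. The integers, timestamp and labels are constructed sample values, not real keys, and `ambiguous_key_ids` is a hypothetical helper name.

```python
import hashlib
import struct
from collections import defaultdict

def mpi(n):
    """RFC 4880 sec. 3.2 MPI: two-octet bit count, then the big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v3_key_id(n):
    """V3 Key ID: the low 64 bits of the RSA public modulus, with no hash involved."""
    return format(n & 0xFFFFFFFFFFFFFFFF, "016X")

def v4_fingerprint(n, e, created):
    """V4 fingerprint: SHA-1 over 0x99, a two-octet length and the public-key packet body."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v4_key_id(n, e, created):
    """V4 Key ID: the low 64 bits of the SHA-1 fingerprint."""
    return v4_fingerprint(n, e, created)[-8:].hex().upper()

def ambiguous_key_ids(keys):
    """Map each Key ID claimed by more than one key to the labels claiming it."""
    seen = defaultdict(list)
    for label, version, n, e, created in keys:
        kid = v3_key_id(n) if version == 3 else v4_key_id(n, e, created)
        seen[kid].append(label)
    return {kid: labels for kid, labels in seen.items() if len(labels) > 1}

# Constructed sample values (not real RSA moduli): two different 1024-bit odd
# integers that agree only in their low 64 bits.
LOW64 = 0x0123456789ABCDEF
N_A = (1 << 1023) | (0x1234 << 512) | LOW64
N_B = (1 << 1023) | (0xABCD << 512) | LOW64
E = 65537
CREATED = 946684800  # constructed creation timestamp

# The same two integers, wrapped once as V3 keys and once as V4 keys.
SAMPLE = [
    ("a-v3", 3, N_A, E, CREATED), ("b-v3", 3, N_B, E, CREATED),
    ("a-v4", 4, N_A, E, CREATED), ("b-v4", 4, N_B, E, CREATED),
]

if __name__ == "__main__":
    for kid, labels in ambiguous_key_ids(SAMPLE).items():
        print(kid, "is claimed by", labels)
```

Only the V3 pair is reported: their Key IDs are copied straight from the modulus, while the V4 Key IDs come from a hash over the whole key packet.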
