fermat primes and dnssec-keygen bug?
bind at jubileegroup.co.uk
Thu Mar 8 12:04:23 UTC 2012
On Thu, 8 Mar 2012, Spain, Dr. Jeffry A. wrote:
> Other posts have alluded to the Debian openssl flaw reported in May
> 2008 (http://www.debian.org/security/2008/dsa-1571). This led to
> predictable random primes being used to generate RSA moduli ...
Just in case anyone thinks that this is a purely academic discussion,
in May 2008 when I received the Debian security advisory I did some
searching on the Internet for private keys. Several of my own hosts'
key pairs had been published widely in hackers' forums within less
than a day of the publication of the advisory. Here's one such pair:
-rw-r--r-- 1 root root 602 Aug 23 2007 ssh_host_dsa_key.pub.broken
-rw------- 1 root root 668 Aug 23 2007 ssh_host_dsa_key.broken
-rw-r--r-- 1 root root 602 May 14 2008 ssh_host_dsa_key.pub
-rw------- 1 root root 668 May 14 2008 ssh_host_dsa_key
It was rather worrying to find that this flaw had been available for
exploitation for nine months in the case of this particular host, very
satisfying that a policy of 'defence in depth' dropped all connection
attempts from unknown IPs, and little more than good fortune that the
affected servers were never exposed to the Internet.