fermat primes and dnssec-keygen bug?

G.W. Haywood bind at jubileegroup.co.uk
Thu Mar 8 12:04:23 UTC 2012

Hi there,

On Thu, 8 Mar 2012, Spain, Dr. Jeffry A. wrote:

> Other posts have alluded to the Debian openssl flaw reported in May
> 2008 (http://www.debian.org/security/2008/dsa-1571). This led to
> predictable random primes being used to generate RSA moduli ...

Just in case anyone thinks that this is a purely academic discussion,
in May 2008 when I received the Debian security advisory I did some
searching on the Internet for private keys.  Several of my own hosts'
key pairs had been published widely in hackers' forums within less
than a day of the publication of the advisory.  Here's one such pair:

-rw-r--r-- 1 root root    602 Aug 23  2007 ssh_host_dsa_key.pub.broken
-rw------- 1 root root    668 Aug 23  2007 ssh_host_dsa_key.broken
-rw-r--r-- 1 root root    602 May 14  2008 ssh_host_dsa_key.pub
-rw------- 1 root root    668 May 14  2008 ssh_host_dsa_key

It was rather worrying to find that this flaw had been available for
exploitation for nine months in the case of this particular host, very
satisfying that a policy of 'defence in depth' dropped all connection
attempts from unknown IPs, and little more than good fortune that the
affected servers were never exposed to the Internet.


