<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Sep 10, 2018 at 4:45 AM Ray Bellis <<a href="mailto:ray@isc.org" target="_blank">ray@isc.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 09/09/2018 18:51, Mark Elkins wrote:<br>
> Just for the record, although I do look from a curiosity point of view<br>
> for Identical Key ID's once every few month - I've never seen them -<br>
> until now.<br>
> <br>
> Now I have them - generated by BIND within a few days of each other...<br>
><br>
> I've been running DNSSEC for 7 years and have around 400 DNSSEC keys for<br>
> 133 signed Domains.<br>
> I'm a smallish Registrar for ZA domains.<br>
> <br>
> Never assume a KeyID is unique. :-)<br>
<br>
It's inevitable that they won't be.<br>
<br>
With only a 16 bit key tag space (and in 2016 Roy Arends discovered that<br>
the effective space is only 15 bits) then due to the birthday collision<br>
paradox you only need of the order of sqrt(32k) different keys to get a<br>
50% chance of a collision.<br>
<br></blockquote><div><br></div><div><div class="gmail_default" style="font-family:verdana,sans-serif">This reminds me of some interesting (well, interesting to me :-)) related research Ben Laurie and I did around that time -- while looking at the distribution of generated keys I noticed that OpenSSL / GnuTLS generate a different distribution than e.g mbedTLS.</div></div><div class="gmail_default" style="font-family:verdana,sans-serif">OpenSSL / GnuTLS optimize the generation of primes by setting the least significant bits (fair, they have to be odd to be primes :-)) but also clear the most significant bits of both P and Q (to ensure that the product of P & Q do not overflow) -- this results in a key with less bits of "security" than most would expect...</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">W</div><div class="gmail_default" style="font-family:verdana,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif"><br></span></div><div class="gmail_default" style="font-family:verdana,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif"><br></span></div><div class="gmail_default" style="font-family:verdana,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif"><br></span></div><div class="gmail_default" style="font-family:verdana,sans-serif"><span style="font-family:Arial,Helvetica,sans-serif"> </span><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Ray<br>
<br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="m_7740311244943697982gmail_signature" data-smartmail="gmail_signature">I don't think the execution is relevant when it was obviously a bad idea in the first place.<br>This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.<br> ---maf</div></div>