[SSL Observatory] Duplicate private keys
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Apr 4 22:27:06 PDT 2011
Peter Eckersley <pde at eff.org> writes:
> SELECT `Subject Public Key Info:RSA Public Key:Exponent`,
Some comments on the code that may have produced these:
> | 17 (0x11) | 23692 |
Probably from PGP 2.x-derived code, which hardcoded 17 as the exponent.
> | 35 (0x23) | 46 |
OpenSSH bug (or at least "quirk").
> | NULL | 10 |
Dunno, Microsoft? :-).
> [16- and 32-bit values]
I've seen software from Europe, Germany I think, that does random 32-bit
exponents. As Terry Pratchett would say, "another sure sign that someone's
wearing their underpants on their head".
Peter.