[SSL Observatory] Widespread RNG vulnerabilities discovered using Observatory data
Peter Eckersley
pde at eff.org
Tue Feb 14 18:11:49 PST 2012
A team lead by Arjen Lenstra used a new (not yet published) Observatory scan
to find tens of thousands of TLS servers with readily factorizable weak keys:
https://eff.org/deeplinks/2012/02/researchers-ssl-observatory-cryptographic-vulnerabilities
We will be working to try to let the affected server operators know that they
need to make new keys. We will also try to contact the CAs that issued
certificates for vulnerable keys, though in many cases this is hard to do in
bulk, because CA certificates do not contain email addresses :(.
I know there are many employees of CAs on this list. Please reply to Dan and
I privately if you have a good contact address for your CA. It would be even
more helpful if the CA-Browser Forum could send us a dictionary that maps
either Issuer strings or AKIDs to contact email addresses.
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the Observatory
mailing list