[SSL Observatory] Widespread RNG vulnerabilities discovered using Observatory data

Peter Eckersley pde at eff.org
Wed Feb 15 11:19:39 PST 2012


On Tue, Feb 14, 2012 at 06:11:49PM -0800, Peter Eckersley wrote:
> A team led by Arjen Lenstra used a new (not yet published) Observatory scan
> to find tens of thousands of TLS servers with readily factorizable weak keys:
> 
> https://eff.org/deeplinks/2012/02/researchers-ssl-observatory-cryptographic-vulnerabilities
> 
> We will be working to try to let the affected server operators know that they
> need to make new keys.  We will also try to contact the CAs that issued
> certificates for vulnerable keys, though in many cases this is hard to do in
> bulk, because CA certificates do not contain email addresses :(.

This morning, we received the dataset of deployed factorizable keys from EPFL.
Although there are tens of thousands of them, it appears to us that none of
these certificates were signed by trusted CAs, which is a rather different
situation to the last time we dealt with RNG bugs exposed by the Observatory.

This seems consistent with Nadia Heninger's claim that these are
exclusively routers, VPN devices and other embedded systems:

https://www.freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs

Apologies for panicking any CAs over this; it seems as though router and VPN
manufacturers will have responsibility for responding to this problem.

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993


