SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys Found in the Wild
Date    Thursday May 19 2022, @11:53AM
Author    janrinok
Topic   
from the dept.
https://soylentnews.org/article.pl?sid=22/05/18/0612209

upstart writes:

Researcher uses 379-year-old algorithm to crack crypto keys found in the wild:

Cryptographic keys generated with older software now owned by technology company Rambus are weak enough to be broken instantly using commodity hardware, a researcher reported on Monday. This revelation is part of an investigation that also uncovered a handful of weak keys in the wild.

The software comes from a basic version of the SafeZone Crypto Libraries, which were developed by a company called Inside Secure and acquired by Rambus as part of its 2019 acquisition of Verimatrix, a Rambus representative said. That version was deprecated prior to the acquisition and is distinct from a FIPS-certified version that the company now sells under the Rambus FIPS Security Toolkit brand.

Researcher Hanno Böck said that the vulnerable SafeZone library doesn't sufficiently randomize the two prime numbers it used to generate RSA keys. (These keys can be used to secure Web traffic, shells, and other online connections.) Instead, after the SafeZone tool selects one prime number, it chooses a prime in close proximity as the second one needed to form the key.

"The problem is that both primes are too similar," Böck said in an interview. "So the difference between the two primes is really small." The SafeZone vulnerability is tracked as CVE-2022-26320.

Cryptographers have long known that RSA keys that are generated with primes that are too close together can be trivially broken with Fermat's factorization method. French mathematician Pierre de Fermat first described this method in 1643.

A little old but interesting nonetheless. Implementation details matter.

[ed. note. - The youtube channel ComputerPhile also has a decent video explaining the issue. - fnord]

Original Submission

Links
  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Researcher uses 379-year-old algorithm to crack crypto keys found in the wild" - https://arstechnica.com/information-technology/2022/03/researcher-uses-600-year-old-algorithm-to-crack-crypto-keys-found-in-the-wild/
  3. "2019 acquisition" - https://www.rambus.com/rambus-completes-acquisition-of-the-verimatrix-silicon-ip-secure-protocols-and-provisioning-business/
  4. "Hanno Böck" - https://hboeck.de/
  5. "Fermat's factorization method" - https://en.wikipedia.org/wiki/Fermat's_factorization_method
  6. "first described this method in 1643" - https://madhavamathcompetition.com/tag/fermats-factorization-method/
  7. "explaining the issue" - https://www.youtube.com/watch?v=-ShwJqAalOk
  8. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=55252
© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Researcher Uses 379-Year-Old Algorithm to Crack Crypto Keys Found in the Wild on 2024-04-19 18:04:38