Researcher uses 600-year-old algorithm to crack crypto keys found in the wild


Cryptographic keys generated with older software now owned by technology company Rambus are weak enough to be broken instantly using commodity hardware, a researcher reported on Monday. This revelation is part of an investigation that also uncovered a handful of weak keys in the wild.

The software comes from a basic version of the SafeZone Crypto Libraries, which were developed by a company called Inside Secure and acquired by Rambus as part of its 2019 acquisition of Verimatrix, a Rambus representative said. That version was deprecated prior to the acquisition and is distinct from a FIPS-certified version that the company now sells under the Rambus FIPS Security Toolkit brand.

Mind your Ps and Qs

Researcher Hanno Böck said that the vulnerable SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. (These keys can be used to secure Web traffic, shells, and other online connections.) Instead, after the SafeZone tool selects one prime number, it chooses a prime in close proximity as the second one needed to form the key.

“The problem is that both primes are too similar,” Böck said in an interview. “So the difference between the two primes is really small.” The SafeZone vulnerability is tracked as CVE-2022-26320.

Cryptographers have long known that RSA keys that are generated with primes that are too close together can be trivially broken with Fermat’s factorization method. French mathematician Pierre de Fermat first described this method in 1643.

Fermat’s algorithm was based on the fact that any odd number can be expressed as the difference between two squares. When the factors are near the root of the number, they can be calculated easily and quickly. The method isn’t feasible when factors are truly random and hence far apart.

The security of RSA keys depends on the difficulty of factoring a key’s large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q). When P and Q are known publicly, the key they make up is broken, meaning anyone can decrypt data protected by the key or use the key to authenticate messages.
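The check described above, as an added example that is not from the article or from Böck's own tooling: a bounded Fermat search that flags an RSA modulus N whose P and Q lie too close together. The function names, the step limit, and the two toy moduli are assumptions constructed for illustration.

```python
from math import isqrt


def fermat_factor(n, max_steps=100_000):
    """Search for n = a*a - b*b = (a - b) * (a + b), starting at a = ceil(sqrt(n)).

    Returns (p, q) with p <= q when found within max_steps, otherwise None.
    The search ends quickly only when the two factors sit close to sqrt(n).
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("expected an odd modulus greater than 2")
    a = isqrt(n)
    if a * a < n:
        a += 1  # round up to ceil(sqrt(n))
    for _ in range(max_steps):
        b_squared = a * a - n
        b = isqrt(b_squared)
        if b * b == b_squared:
            if a - b == 1:
                return None  # only the trivial split 1 * n: n is prime
            return a - b, a + b
        a += 1
    return None


def audit_modulus(n, max_steps=100_000):
    """Report whether a public modulus falls to the bounded Fermat search."""
    factors = fermat_factor(n, max_steps)
    return {"weak": factors is not None, "factors": factors}


# Constructed toy moduli (assumptions for illustration, not real keys).
CLOSE_N = 1_000_000_007 * 1_000_000_009  # P and Q differ by 2
FAR_N = (2**61 - 1) * (2**89 - 1)        # two Mersenne primes far apart in size

if __name__ == "__main__":
    for label, n in (("close primes", CLOSE_N), ("distant primes", FAR_N)):
        print(label, audit_modulus(n))
```

A result of "not weak" means only that this one check did not factor N within the step limit; it says nothing else about how the key was generated.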

So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys are from printers originally branded as Fuji Xerox but now belong to Canon. Printer users can use the keys to generate a Certificate Signing Request. The creation date for the keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351.

Böck also found four vulnerable PGP keys, typically used to encrypt email, on SKS PGP key servers. A user ID tied to the keys implied they were created for testing, so he doesn’t believe they’re in active use.

Böck said he believes all the keys he found were generated using software or methods not connected to the SafeZone library. If true, other software that generates keys might be easily broken using the Fermat algorithm. It’s plausible that the keys were generated manually, “possibly by people aware of this attack creating test data,” Böck said.

The researcher found the keys by searching through billions of public keys that he had access to. He also looked at keys that were shared with him by other researchers and keys that were available through certificate transparency programs.
