In 2012 a group of researchers collected a large amount of RSA moduli and calculated their greatest common divisor in order to find common factors between them. By finding a common factor they could the divide and completely factorize the key. They concluded that the vulnerable moduli where generated by PRNGs with inadequate randomness. Does it necessarily mean that those key are not random?
Asked
Active
Viewed 363 times
2 Answers
2
If each key was generated by selecting two random primes of the desired length then the chance of two keys with a common prime would be incredibly small. If i'm reading How are primes generated for RSA? correctly there are about 2^502 possible 512 bit primes (prime length is half modulus length, so a 1024 bit RSA key would use 512 bit primes).
Since keys have been found which share a prime and the chance of that happening with randomly selected primes is so incredibly small the only reasonable conclusion is that the primes were not selected randomly.
Peter Green
- 1,613
- 1
- 11
- 17
1
Pretty much.
The prime numbers for those keys were generated from random number sources with bad entropy. Entropy is really just a human measurement of how unpredictable something is. Entropy sources responsible for the common RSA factors hadn't had enough "random stuff" input to them to get mixed around, so they output data that tended to be the same across many devices. Some more info
B-Con
- 6,196
- 1
- 31
- 45