fermat primes and dnssec-keygen bug?

G.W. Haywood bind at jubileegroup.co.uk
Thu Mar 8 12:04:23 UTC 2012


Hi there,

On Thu, 8 Mar 2012, Spain, Dr. Jeffry A. wrote:

> Other posts have alluded to the Debian openssl flaw reported in May
> 2008 (http://www.debian.org/security/2008/dsa-1571). This led to
> predictable random primes being used to generate RSA moduli ...

Just in case anyone thinks that this is a purely academic discussion,
in May 2008 when I received the Debian security advisory I did some
searching on the Internet for private keys.  Several of my own hosts'
key pairs had been published widely in hackers' forums within less
than a day of the publication of the advisory.  Here's one such pair:

-rw-r--r-- 1 root root    602 Aug 23  2007 ssh_host_dsa_key.pub.broken
-rw------- 1 root root    668 Aug 23  2007 ssh_host_dsa_key.broken
-rw-r--r-- 1 root root    602 May 14  2008 ssh_host_dsa_key.pub
-rw------- 1 root root    668 May 14  2008 ssh_host_dsa_key

It was rather worrying to find that this flaw had been available for
exploitation for nine months in the case of this particular host, very
satisfying that a policy of 'defence in depth' dropped all connection
attempts from unknown IPs, and little more than good fortune that the
affected servers were never exposed to the Internet.

--

73,
Ged.


