Wednesday, February 15, 2012

Ron was wrong, Whit is right

Seems like we are creating quite a bit of noise with our recent survey on public key cryptography.

So, here is a little FAQ addressing the nonsense popping up in random comments on random sites on the net.

Q: But this is just the Debian bug!
A: No it isn't. It's more like a whole class of similar but unrelated bugs.

Q: OMG RSA is broken!
A: We haven't broken RSA. We have demonstrated the existence of flawed RNG implementations. You are still safe if you use a proper implementation.

Q: They claim it can be done, but they haven't, it's like this collision stuff / Saying that these keys offer no security is an overreaction.
A: Yes, we have. We had the factorizations of 27k RSA moduli taken from SSL certificates not belonging to us. If/when a collection of these weak keys leaks, all the tools needed to make this a practical eavesdropping attack already exist as free software.

Q: Heninger, Halderman et al. have twice as many broken keys, and have identified the source of the flaw. Most of them do not belong to real websites and pose no threat to the general public.
A: We seem to have just as many broken keys. Some numbers in the paper are based on an old dataset, and were left as-is as they are still representative of the situation. And we did know many (but not all) of them belonged to VPNs and other network devices, but didn't want to disclose it too early, for obvious reasons. It is true that popular https websites may not be at immediate risk for the general public; it is still, however, a serious matter of concern.