Arjen Lenstra and James Hughes have a new paper out
(http://eprint.iacr.org/2012/064.pdf) which has been receiving a lot of
press in everything from Slashdot to the New York Times. The takeaway
that most of the press outlets are giving us is that 0.2% of all RSA
keys are weak, breakable and/or useless.

Don't believe the hype. :)

In a nutshell, what Lenstra and Hughes did was look through millions of
RSA and Elgamal keys looking for a particular kind of weak certificate.
They found this weak certificate about 0.2% of the time. This is
interesting but it's not troubling, because there's no evidence those
0.2% of certificates were in use. The keyserver community never throws
away a certificate, ever, and that makes drawing conclusions kind of

As an example: when GnuPG 1.0 was first released it supported Elgamal
signing keys. This feature was removed a few years ago after subtle and
pernicious bugs were found in the Elgamal signing code. GnuPG made a
big announcement about this, the GnuPG developers examined each
certificate on the keyserver network looking for affected certificates
(and, I assume, emailed the owners warning them of the problem), and
these users were given ample opportunity to migrate to safer algorithms.
Those certificates still exist on the servers. If you were looking for
"how many certificates use bad and/or broken Elgamal," you'd get a
nonzero number, too, because those old, broken certificates still exist
on the servers despite their owners having migrated to newer certificates.

So, 0.2% of RSA certificates have serious bugs in them. That's a very
interesting data point and one that should be looked into more. But
right now, without knowing if those bollixed-up RSA certificates were
generated ten years ago by buggy software and superseded nine years ago
when a fix was generated, we shouldn't assume there's an enormous
problem. It's possible those certificates are misleading artifacts
still hanging out on the keyservers, much like those Elgamal signing keys.

For now, the best advice I can give you is this: don't panic. It's all