
enigmail@mozdev.org 15 February 2012 • 10:33AM -0500

[Enigmail] Lenstra's paper
by Robert J. Hansen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Arjen Lenstra and James Hughes have a new paper out
(http://eprint.iacr.org/2012/064.pdf) which has been receiving a lot of
press in everything from Slashdot to the New York Times.  The takeaway
that most of the press outlets are giving us is that 0.2% of all RSA
keys are weak, breakable and/or useless.

Don't believe the hype.  :)

In a nutshell, what Lenstra and Hughes did was look through millions of
RSA and Elgamal keys looking for a particular kind of weak certificate.
They found this weak certificate about 0.2% of the time.  This is
interesting but it's not troubling, because there's no evidence those
0.2% of certificates were in use.  The keyserver community never throws
away a certificate, ever, and that makes drawing conclusions kind of
dicey.

As an example: when GnuPG 1.0 was first released it supported Elgamal
signing keys.  This feature was removed a few years ago after subtle and
pernicious bugs were found in the Elgamal signing code.  GnuPG made a
big announcement about this, the GnuPG developers examined each
certificate on the keyserver network looking for affected certificates
(and, I assume, emailed the owners warning them of the problem), and
these users were given ample opportunity to migrate to safer algorithms.

Those certificates still exist on the servers.  If you were looking for
"how many certificates use bad and/or broken Elgamal," you'd get a
nonzero number, too, because those old, broken certificates still exist
on the servers despite their owners having migrated to newer certificates.

So, 0.2% of RSA certificates have serious bugs in them.  That's a very
interesting data point and one that should be looked into more.  But
right now, without knowing if those bollixed-up RSA certificates were
generated ten years ago by buggy software and superseded nine years ago
when a fix was generated, we shouldn't assume there's an enormous
problem.  It's possible those certificates are misleading artifacts
still hanging out on the keyservers, much like those Elgamal signing keys.

For now, the best advice I can give you is this: don't panic.  It's all
okay.  :)

-----BEGIN PGP SIGNATURE-----

iFYEAREIAAYFAk87GYcACgkQI4Br5da5jhC+LQDghY2WYvWfnI1eYb5WcwauA/Bn
0OTFryv6QdkY/QDdG8zRUq+FdibDZGjJLGe3OzhBL6CpUlHWzra86w==
=Xtpi
-----END PGP SIGNATURE-----
_______________________________________________
Enigmail mailing list
Enigmail@mozd...
https://www.mozdev.org/mailman/listinfo/enigmail
