Researcher Hanno Böck said that the vulnerable SafeZone library doesn't sufficiently randomize the two prime numbers it used to generate RSA keys. (These keys can be used to secure Web traffic, shells, and other online connections.) Instead, after the SafeZone tool selects one prime number, it chooses a prime in close proximity as the second one needed to form the key.
"The problem is that both primes are too similar," Böck said in an interview. "So the difference between the two primes is really small." The SafeZone vulnerability is tracked as CVE-2022-26320.
Cryptographers have long known that RSA keys that are generated with primes that are too close together can be trivially broken with Fermat's factorization method. French mathematician Pierre de Fermat first described this method in 1643.
Fermat's algorithm was based on the fact that any odd number can be expressed as the difference between two squares. When the factors are near the root of the number, they can be calculated easily and quickly. The method isn't feasible when factors are truly random and hence far apart.
The security of RSA keys depends on the difficulty of factoring a key's large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q). When P and Q are known publicly, the key they make up is broken, meaning anyone can decrypt data protected by the key or use the key to authenticate messages.
arstechnica.com
"The problem is that both primes are too similar," Böck said in an interview. "So the difference between the two primes is really small." The SafeZone vulnerability is tracked as CVE-2022-26320.
Cryptographers have long known that RSA keys that are generated with primes that are too close together can be trivially broken with Fermat's factorization method. French mathematician Pierre de Fermat first described this method in 1643.
Fermat's algorithm was based on the fact that any odd number can be expressed as the difference between two squares. When the factors are near the root of the number, they can be calculated easily and quickly. The method isn't feasible when factors are truly random and hence far apart.
The security of RSA keys depends on the difficulty of factoring a key's large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q). When P and Q are known publicly, the key they make up is broken, meaning anyone can decrypt data protected by the key or use the key to authenticate messages.
Researcher uses 379-year-old algorithm to crack crypto keys found in the wild
It takes only a second to crack the handful of weak keys. Are there more out there?
arstechnica.com