oss-sec mailing list archives
Re: OpenSSL RSA 1024 bits implementation broken?
From: Pierre Schweitzer <pierre () reactos org>
Date: Mon, 06 Oct 2014 22:48:36 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for your feedback Dave. Then, some naive question: are we sure that OpenSSL as shipped in distributions is tested against such regressions (if such test actually exists)? It's indeed something that a compiler might break (be it due to a bug or due to an optimization). He might be using OpenSSL as shipped in his distribution. This would be quite damaging. Reproducibility in behavior is kinda critical here to make sure we're always cryptosecure. On 06/10/2014 17:30, Dave Horsfall wrote:
On Mon, 6 Oct 2014, Pierre Schweitzer wrote:There appear to have some noise on the Internet regarding a possible flaw in the 1024 bits RSA implementation in OpenSSL which would allow bruteforcing the private key in ~20 minutes. Does anyone has any information about this? The associated pastebin to the said information is: http://pastebin.com/D8itq6Ff Is this serious?On the moderated crypto list where I hang out, it's receiving much attention. The consensus is that it's likely a buggy compiler or optimiser that rounded integer division upwards instead of truncating it as required by the C standard, and that the "discoverer", by refusing to provide further details, is full of it. You may be able to search the archives at cryptography () metzdowd com; as I said it's a moderated list, but full of techie people who really know their onions. -- Dave
- -- Pierre Schweitzer <pierre at reactos.org> System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUMwAkAAoJEHVFVWw9WFsLlxYQAJTvHKnVPcLzs8LPHwmn68oV lpLeHfMXLICAO8z/xRURIi9VFryg6uMyzRwBfVVvCYxsfMy1y1TxDZR+txxV3bl4 GICcrggLj8w0xy9m81mBcy8mTH3GRGzY4rOZT/+cUr6vx9Ab0ISzkvBLZge9ashh 3jSFBu9lXKUWk3oswZiVmGCIEJOYLvGYTEY8vA3OnIv6Cu0DSufTFP44a7r63LTz 7XRPS+4JjD3YTJu3iZZqvKzHXM3rZ4fK6qXbzzokBudLGaXO8WkKbMmOjTKl1Rep eujZ8CBvlbv29/z07ziiQ2/dlZGsYhEvn7+qhIY9gWwcKgndQcw+ERzOroUQvONP URbPn52+b2vwrM0hFhah7N0iCvWsLsWqH8M38EMK4HS/wMGqBVI+nWIW+gdKM40/ stK2eVXwKofyGagEXiPkCeqTxCvU5Rte41skXyWAKrRZQOBI/i7LP309pV+/e1V+ jRsbtTHsMRvWEYRr2zTiKmtRPOriTZ9HBcguYDUXAV5seDDLIkWfVIEpH7AmPW23 j4eQib+gmS2Og0RxNFv46mj7KG1NVcnLOSRcScXAyctNBE/HPyqdbzyyDxGK5mfU 9nIf2mAR4jcW2+iBbS7xQVs0OOEY7HO5dJRRD5MKUdUGcR+HZKu/TwJcswEDTDG9 ZRjrlEpGLcrB2qBdXCUW =ABev -----END PGP SIGNATURE-----
Current thread:
- OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? David White (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Dave Horsfall (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
- <Possible follow-ups>
- Re: OpenSSL RSA 1024 bits implementation broken? Steve Kemp (Oct 06)