Back in October we published new results from our online RSA keytester. Despite the potency of this method of factoring (calculating the GCD of a large sample of keys) being well-known since at least 2012, we were still able to factor keys of almost 50 000 Internet-facing HTTPS servers.

This month a new article by Marcella Hastings, Joshua Fried and Nadia Heninger of the University of Pennsylvania appeared at the Internet Measurement Conference. It traces the evolution of weak RSA keys on Internet-facing devices since 2010, using the same factorisation method.

The paper is worth reading in detail, but here are two key findings:

• Despite all the publicity around the original results, the raw number of vulnerable devices is pretty much the same as back in 2012.
• Most of the vulnerable keys are new keys, some from new products released as recently as 2015.

This is consistent with our own results, though the researchers were able to go much further in tracking down some of the vendors of the affected products, leading to at least one CVE form Huawei. But several vendors did not respond, and the bottom line is that not many devices are getting patched (the biggest improvement came in 2014 when a bunch of vulnerable devices were taken offline as a reaction the the Heartbleed vulnerability).

This is serious because the flaw allows an attacker to passively decrypt TLS traffic (since most of the devices only support RSA TLS key exchange, using the same broken RSA key as the certificate). The researchers explain the consequences of this:

Among the vulnerable devices that we examined, HTTPS is used primarily to serve remote management interfaces. Many of the vulnerable firewalls also use TLS to encrypt SSL VPN connections. An attacker who is able to decrypt connections to one of these devices may obtain administrative credentials for the device or view remote user traffic to internal network resources.

Testing for weak keys

You can submit a key to our free GCD engine for testing for common factors with our database of 23 million keys.

To find keys on Internet-facing services, you can use our discovery tool and submit the keys directly. For large scale tests or internal scanning, we offer a paid service – get in touch for more details.