Last year, we put online security test tool for RSA keys. It checks a public key for shared factors with our large test set of keys. We recently upgraded it to parse more key formats including PKCS#1, OpenSSH, X509 certificates and X509SubjectPublicKey, and also added a Web API for bulk tests.
It seemed like a good opportunity to repeat the experiments of Heninger et al who in 2012 crawled the Internet for RSA keys from SSH and TLS keys and were able to factor 16 717 out of 11 170 883 distinct moduli using batch-GCD. Those 16 717 distinct keys were served on 64 081 TLS hosts and 1 013 SSH hosts.
Following their methodology, we harvested 21 334 901 public-facing TLS and SSH keys and ran our batch-GCD implementation over them. The result: 19 803 unique factored moduli, served on 49 736 TLS hosts and 1 196 SSH hosts.
For both TLS and SSH keys, the proportion of keys factorized is about 1/3 what is was in 2012 (1 in 700 TLS keys and 1 in 10 000 SSH hostkeys). We compared our factored keys to those in the Heninger et al dataset. There is almost no overlap – 18 750 (95%) of the keys we factored are new keys, presumably generated since 2012.
Too important to be left to chance.
In 2012, Heninger et al showed that the weak keys seem to come from embedded devices with faulty random number generators. They identified the worst culprits. One possibility is that since then, new embedded devices have been released with new faults in their entropy generation.
We’re working with the team at Masaryk University, Brno behind the recent USENIX paper on identifying RSA key generators to identify where these keys come from. In the meantime, you can test keys at keytester.cryptosense.com. Note that we don’t just compare your key to our list of factored ones, we run a live batch GCD against all 23 Million keys in the database and then email you the result.
If you generated your keys using a common library on a “warm” server there is no reason to believe your key will be broken. But if you have operate a large network in particular with many embedded devices, you might be interested in our Web API that allows you to send large batches of keys for testing. Get in touch to find out more.