[Cerowrt-devel] Fwd: TALK:Monday 12-3-12 Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

From: Dave Taht <dave.taht@gmail.com>
To: cerowrt-devel@lists.bufferbloat.net
Subject: [Cerowrt-devel] Fwd: TALK:Monday 12-3-12 Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
Date: Mon, 3 Dec 2012 21:34:02 +0100	[thread overview]
Message-ID: <CAA93jw4Gwi8vqmzeKH63-Huqqgtn_aoR2_bUgDiu3e0zncPb0g@mail.gmail.com> (raw)
In-Reply-To: <CAGhGL2BR1UAX29eiyhrUdDVL3KxjMeXGqtTMB9JSfxYb_DT=Yg@mail.gmail.com>

I don't have a link to this paper (yet), but it pretty much confirms
what I already knew...

I'd like to add more sources of entropy to cerowrt ASAP.

They didn't look at WPA, it seems, either.

---------- Forwarded message ----------
From: Jim Gettys <jg@freedesktop.org>
Date: Mon, Dec 3, 2012 at 2:31 PM
Subject: Re: TALK:Monday 12-3-12 Mining Your Ps and Qs: Detection of
Widespread Weak Keys in Network Devices
To: Dave Taht <dave.taht@gmail.com>

On Mon, Dec 3, 2012 at 12:01 AM, Csail Event Calendar
<eventcalendar@csail.mit.edu> wrote:
>
>
> CSAIL Security Seminar 2012/2013
> Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
> Speaker: Nadia Heninger
> Speaker Affiliation: Microsoft Research, New England
>
> Date: 12-3-2012
> Time: 4:00 PM - 5:00 PM
> Refreshments: 4:00 PM
> Location: Stata, G575
>
> Abstract: RSA and DSA can fail catastrophically when used with malfunctioning
> random number generators, but the extent to which these problems arise in
> practice has never been comprehensively studied at Internet scale.
>
> We perform the largest ever network survey of TLS and SSH servers and
> present evidence that vulnerable keys are surprisingly widespread. We
> find that 0.75% of TLS certificates share keys due to insufficient
> entropy during key generation, and we suspect that another 1.70% come
> from the same faulty implementations and may be susceptible to
> compromise. Even more alarmingly, we are able to obtain RSA private
> keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their
> public keys shared nontrivial common factors due to entropy problems,
> and DSA private keys for 1.03% of SSH hosts, because of insufficient
> signature randomness. We cluster and investigate the vulnerable hosts,
> finding that the vast majority appear to be headless or embedded devices. In
> experiments with three software components commonly used by these devices, we
> are able to reproduce the vulnerabilities and identify specific software
> behaviors that induce them, including a boot-time entropy hole in the Linux
> random number generator. Finally, we suggest defenses and draw lessons for
> developers, users, and the
> security community.
>
> Joint work with Zakir Durumeric, Eric Wustrow, and J. Alex Halderman.
>
>
> Bio: Nadia Heninger is a postdoctoral visiting researcher at Microsoft
> Research New England. Last year she was an NSF mathematical sciences
> postdoctoral fellow at UC San Diego. She finished her PhD in 2011 at
> Princeton.
>
> Relevant URL(S):
> For more information please contact: Raluca Ada Popa, ralucap@mit.edu
>
> _______________________________________________
> Seminars mailing list
> Seminars@lists.csail.mit.edu
> https://lists.csail.mit.edu/mailman/listinfo/seminars
>
>

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html