From: Dave Taht
To: cerowrt-devel@lists.bufferbloat.net
Date: Mon, 3 Dec 2012 21:34:02 +0100
Subject: [Cerowrt-devel] Fwd: TALK:Monday 12-3-12 Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

I don't have a link to this paper (yet), but it pretty much confirms what I already
knew... I'd like to add more sources of entropy to cerowrt ASAP. They didn't look at WPA, it seems, either.

---------- Forwarded message ----------
From: Jim Gettys
Date: Mon, Dec 3, 2012 at 2:31 PM
Subject: Re: TALK:Monday 12-3-12 Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
To: Dave Taht

On Mon, Dec 3, 2012 at 12:01 AM, Csail Event Calendar wrote:
>
> CSAIL Security Seminar 2012/2013
> Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
> Speaker: Nadia Heninger
> Speaker Affiliation: Microsoft Research, New England
>
> Date: 12-3-2012
> Time: 4:00 PM - 5:00 PM
> Refreshments: 4:00 PM
> Location: Stata, G575
>
> Abstract: RSA and DSA can fail catastrophically when used with malfunctioning
> random number generators, but the extent to which these problems arise in
> practice has never been comprehensively studied at Internet scale.
>
> We perform the largest ever network survey of TLS and SSH servers and
> present evidence that vulnerable keys are surprisingly widespread. We
> find that 0.75% of TLS certificates share keys due to insufficient
> entropy during key generation, and we suspect that another 1.70% come
> from the same faulty implementations and may be susceptible to
> compromise. Even more alarmingly, we are able to obtain RSA private
> keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their
> public keys shared nontrivial common factors due to entropy problems,
> and DSA private keys for 1.03% of SSH hosts, because of insufficient
> signature randomness. We cluster and investigate the vulnerable hosts,
> finding that the vast majority appear to be headless or embedded devices. In
> experiments with three software components commonly used by these devices, we
> are able to reproduce the vulnerabilities and identify specific software
> behaviors that induce them, including a boot-time entropy hole in the Linux
> random number generator. Finally, we suggest defenses and draw lessons for
> developers, users, and the security community.
>
> Joint work with Zakir Durumeric, Eric Wustrow, and J. Alex Halderman.
>
> Bio: Nadia Heninger is a postdoctoral visiting researcher at Microsoft
> Research New England. Last year she was an NSF mathematical sciences
> postdoctoral fellow at UC San Diego. She finished her PhD in 2011 at
> Princeton.
>
> Relevant URL(S):
> For more information please contact: Raluca Ada Popa, ralucap@mit.edu

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
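
The two RSA failures named in the abstract (hosts with identical keys, and moduli that share a prime factor) can be checked across one's own device inventory. The following is an added example, not part of the original message or the paper's code: it uses a product/remainder-tree batch GCD, one standard way to do this (the announcement does not say how the survey computed it), and the host names and toy moduli are constructed.

```python
# Added example: inventory audit for duplicated or factor-sharing RSA moduli.
from math import gcd, prod


def product_tree(values):
    """Levels of pairwise products: leaves first, single-element root last."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree


def batch_gcd(moduli):
    """Return gcd(n_i, product of all *other* moduli) for each distinct n_i.

    Uses (P mod n^2) / n == (P / n) mod n, so n's own factors are excluded.
    """
    tree = product_tree(moduli)
    rems = tree.pop()  # root level: [product of every modulus]
    while tree:
        level = tree.pop()
        # Remainder tree: reduce the parent's remainder modulo child squared.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def audit(inventory):
    """Map host -> finding for keys that are duplicated or share a factor."""
    hosts_by_modulus = {}
    for host, n in inventory.items():
        hosts_by_modulus.setdefault(n, []).append(host)
    findings = {}
    distinct = list(hosts_by_modulus)  # dedupe first: batch_gcd needs distinct n
    for n, g in zip(distinct, batch_gcd(distinct)):
        for host in hosts_by_modulus[n]:
            if g > 1:
                findings[host] = "shares a prime factor with another key"
            elif len(hosts_by_modulus[n]) > 1:
                findings[host] = "identical key on several hosts"
    return findings


# Constructed inventory: hypothetical host names, toy primes (not real key sizes).
INVENTORY = {
    "router-a": 101 * 103,
    "router-b": 101 * 107,   # same first prime as router-a
    "camera-c": 109 * 113,
    "camera-d": 109 * 113,   # same key as camera-c
    "server-e": 127 * 131,   # unrelated primes, should not be flagged
}
```

Any flagged host needs its key regenerated after the device has a working entropy source; regenerating on the same freshly booted image can reproduce the weak key.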