[Cerowrt-devel] Fwd: TALK:Monday 12-3-12 Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

Dave Taht dave.taht at gmail.com
Mon Dec 3 15:34:02 EST 2012

I don't have a link to this paper (yet), but it pretty much confirms
what I already knew...

I'd like to add more sources of entropy to cerowrt ASAP.

They didn't look at WPA, it seems, either.

---------- Forwarded message ----------
From: Jim Gettys <jg at freedesktop.org>
Date: Mon, Dec 3, 2012 at 2:31 PM
Subject: Re: TALK:Monday 12-3-12 Mining Your Ps and Qs: Detection of
Widespread Weak Keys in Network Devices
To: Dave Taht <dave.taht at gmail.com>

On Mon, Dec 3, 2012 at 12:01 AM, Csail Event Calendar
<eventcalendar at csail.mit.edu> wrote:
> CSAIL Security Seminar 2012/2013
> Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
> Speaker: Nadia Heninger
> Speaker Affiliation: Microsoft Research, New England
> Date: 12-3-2012
> Time: 4:00 PM - 5:00 PM
> Refreshments: 4:00 PM
> Location: Stata, G575
> Abstract: RSA and DSA can fail catastrophically when used with malfunctioning
> random number generators, but the extent to which these problems arise in
> practice has never been comprehensively studied at Internet scale.
> We perform the largest ever network survey of TLS and SSH servers and
> present evidence that vulnerable keys are surprisingly widespread. We
> find that 0.75% of TLS certificates share keys due to insufficient
> entropy during key generation, and we suspect that another 1.70% come
> from the same faulty implementations and may be susceptible to
> compromise. Even more alarmingly, we are able to obtain RSA private
> keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their
> public keys shared nontrivial common factors due to entropy problems,
> and DSA private keys for 1.03% of SSH hosts, because of insufficient
> signature randomness. We cluster and investigate the vulnerable hosts,
> finding that the vast majority appear to be headless or embedded devices. In
> experiments with three software components commonly used by these devices, we
> are able to reproduce the vulnerabilities and identify specific software
> behaviors that induce them, including a boot-time entropy hole in the Linux
> random number generator. Finally, we suggest defenses and draw lessons for
> developers, users, and the
> security community.
> Joint work with Zakir Durumeric, Eric Wustrow, and J. Alex Halderman.
> Bio: Nadia Heninger is a postdoctoral visiting researcher at Microsoft
> Research New England. Last year she was an NSF mathematical sciences
> postdoctoral fellow at UC San Diego. She finished her PhD in 2011 at
> Princeton.
> Relevant URL(S):
> For more information please contact: Raluca Ada Popa, ralucap at mit.edu
> _______________________________________________
> Seminars mailing list
> Seminars at lists.csail.mit.edu
> https://lists.csail.mit.edu/mailman/listinfo/seminars

Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

More information about the Cerowrt-devel mailing list