Fwd: [Cryptography] "DarkHotel" APT routinely breaking RSA512 - cypherpunks - lists.cpunks.org

newer
Re: [Cryptography] ISPs caught in...

Fwd: [Cryptography] "DarkHotel" APT routinely breaking RSA512

older
Fwd: [liberationtech] XMPP object...

grarpamp

11 Nov 2014 11 Nov '14

2:17 a.m.

---------- Forwarded message ---------- From: Henry Baker Date: Mon, Nov 10, 2014 at 5:50 PM Subject: [Cryptography] "DarkHotel" APT routinely breaking RSA512 To: cryptography@metzdowd.com "The Darkhotel crew’s skillset allows it to launch interesting cryptographical attacks, for instance factoring 512 bit RSA keys" The keys are used to create bogus certificates, e.g., GTE CyberTrust Digisign Server iD (Enrich) flexicorp.jaring.my sha1/ RSA (512 bits) Expired 12/17/2008 12/17/2010 Equifax Secure eBusiness CA 1 Equifax Secure eBusiness CA 1 secure.hotelreykjavik.i s md5/RSA (512 bits) invalid Sig 2/27/2005 3/30/2007 http://www.net-security.org/secworld.php?id=17612 http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2014/11/dar... _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Reply

Sign in to reply online Use email software

Show replies by date

Georgi Guninski

12 Nov 12 Nov

5:38 p.m.

On Mon, Nov 10, 2014 at 09:17:00PM -0500, grarpamp wrote:

---------- Forwarded message ---------- From: Henry Baker Date: Mon, Nov 10, 2014 at 5:50 PM Subject: [Cryptography] "DarkHotel" APT routinely breaking RSA512 To: cryptography@metzdowd.com

"The Darkhotel crew’s skillset allows it to launch interesting cryptographical attacks, for instance factoring 512 bit RSA keys"

Factoring RSA 512 is well within earthy resources as of now. Probably modest botnet (for sieving) + good machines for linear algebra will factor RSA 512 in moderate time. The interesting question is: did they some crypto breakthrough? btw, RSA cancelled their monetary challenges even for >512...

The keys are used to create bogus certificates, e.g.,

GTE CyberTrust Digisign Server iD (Enrich) flexicorp.jaring.my sha1/ RSA (512 bits) Expired 12/17/2008 12/17/2010

Equifax Secure eBusiness CA 1 Equifax Secure eBusiness CA 1 secure.hotelreykjavik.i s md5/RSA (512 bits) invalid Sig 2/27/2005 3/30/2007

http://www.net-security.org/secworld.php?id=17612

http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2014/11/dar...

_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

Reply

Sign in to reply online Use email software

Jon Callas

10:07 p.m.

New subject: [Cryptography] "DarkHotel" APT routinely breaking RSA512

Factoring RSA 512 is well within earthy resources as of now. Probably modest botnet (for sieving) + good machines for linear algebra will factor RSA 512 in moderate time.

The interesting question is: did they some crypto breakthrough?

btw, RSA cancelled their monetary challenges even for >512...

One can factor RSA 512 with less than earthly resources. One friend of mine back in 2009 was factoring RSA 512 with a single tower machine in about two weeks. He upgraded the machine in 2011 and could do it in about ten days. Jon

Reply

Sign in to reply online Use email software

Georgi Guninski

13 Nov 13 Nov

11:57 a.m.

New subject: [Cryptography] "DarkHotel" APT routinely breaking RSA512

On Wed, Nov 12, 2014 at 02:07:36PM -0800, Jon Callas wrote:

...
Factoring RSA 512 is well within earthy resources as of now. Probably modest botnet (for sieving) + good machines for linear algebra will factor RSA 512 in moderate time.

The interesting question is: did they some crypto breakthrough?

btw, RSA cancelled their monetary challenges even for >512...

One can factor RSA 512 with less than earthly resources. One friend of mine back in 2009 was factoring RSA 512 with a single tower machine in about two weeks. He upgraded the machine in 2011 and could do it in about ten days.

Jon

Didn't know it was so fast. For what time a botnet of million computers (AFAIK such exist) will do the sieving for RSA 1024 using GNFS?

Reply

Sign in to reply online Use email software

3598

Age (days ago)

3600

Last active (days ago)

Download

3 comments

3 participants

tags

participants (3)

Georgi Guninski
grarpamp
Jon Callas