Fwd: [Cryptography] "DarkHotel" APT routinely breaking RSA512
---------- Forwarded message ---------- From: Henry Baker <hbaker1@pipeline.com> Date: Mon, Nov 10, 2014 at 5:50 PM Subject: [Cryptography] "DarkHotel" APT routinely breaking RSA512 To: cryptography@metzdowd.com "The Darkhotel crew’s skillset allows it to launch interesting cryptographical attacks, for instance factoring 512 bit RSA keys" The keys are used to create bogus certificates, e.g., GTE CyberTrust Digisign Server iD (Enrich) flexicorp.jaring.my sha1/ RSA (512 bits) Expired 12/17/2008 12/17/2010 Equifax Secure eBusiness CA 1 Equifax Secure eBusiness CA 1 secure.hotelreykjavik.i s md5/RSA (512 bits) invalid Sig 2/27/2005 3/30/2007 http://www.net-security.org/secworld.php?id=17612 http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2014/11/dar... _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
On Mon, Nov 10, 2014 at 09:17:00PM -0500, grarpamp wrote:
---------- Forwarded message ---------- From: Henry Baker <hbaker1@pipeline.com> Date: Mon, Nov 10, 2014 at 5:50 PM Subject: [Cryptography] "DarkHotel" APT routinely breaking RSA512 To: cryptography@metzdowd.com
"The Darkhotel crew’s skillset allows it to launch interesting cryptographical attacks, for instance factoring 512 bit RSA keys"
Factoring RSA 512 is well within earthy resources as of now. Probably modest botnet (for sieving) + good machines for linear algebra will factor RSA 512 in moderate time. The interesting question is: did they some crypto breakthrough? btw, RSA cancelled their monetary challenges even for >512...
The keys are used to create bogus certificates, e.g.,
GTE CyberTrust Digisign Server iD (Enrich) flexicorp.jaring.my sha1/ RSA (512 bits) Expired 12/17/2008 12/17/2010
Equifax Secure eBusiness CA 1 Equifax Secure eBusiness CA 1 secure.hotelreykjavik.i s md5/RSA (512 bits) invalid Sig 2/27/2005 3/30/2007
http://www.net-security.org/secworld.php?id=17612
http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2014/11/dar...
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Factoring RSA 512 is well within earthy resources as of now. Probably modest botnet (for sieving) + good machines for linear algebra will factor RSA 512 in moderate time.
The interesting question is: did they some crypto breakthrough?
btw, RSA cancelled their monetary challenges even for >512...
One can factor RSA 512 with less than earthly resources. One friend of mine back in 2009 was factoring RSA 512 with a single tower machine in about two weeks. He upgraded the machine in 2011 and could do it in about ten days. Jon
On Wed, Nov 12, 2014 at 02:07:36PM -0800, Jon Callas wrote:
Factoring RSA 512 is well within earthy resources as of now. Probably modest botnet (for sieving) + good machines for linear algebra will factor RSA 512 in moderate time.
The interesting question is: did they some crypto breakthrough?
btw, RSA cancelled their monetary challenges even for >512...
One can factor RSA 512 with less than earthly resources. One friend of mine back in 2009 was factoring RSA 512 with a single tower machine in about two weeks. He upgraded the machine in 2011 and could do it in about ten days.
Jon
Didn't know it was so fast. For what time a botnet of million computers (AFAIK such exist) will do the sieving for RSA 1024 using GNFS?
participants (3)
-
Georgi Guninski -
grarpamp -
Jon Callas