[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] Analyzing key server data
From: |
Hanno Böck |
Subject: |
[Sks-devel] Analyzing key server data |
Date: |
Sun, 22 Mar 2015 12:58:48 +0100 |
Hi,
I think this could be interesting for a couple of people:
I had a project running in private for quite a while, I now published
the details: I wrote a script that analyzes the dumps from key servers
and puts the crypto values into a mysql database.
This can be used to search for vulnerable keys or signatures on large
scale. I did this for two potential threats: DSA signatures with
duplicate k values and RSA keys with shared factors.
The overall result is a good one: It seems OpenPGP implementations with
completely broken random number generators exist, but they are a rare
thing.
Code:
https://github.com/hannob/pgpecosystem
Background paper:
http://eprint.iacr.org/2015/262
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: address@hidden
GPG: BBB51E42
pgpSCYVmo2oVU.pgp
Description: OpenPGP digital signature
- [Sks-devel] Analyzing key server data,
Hanno Böck <=