#!/usr/local/bin/perl -s
do 'bigint.pl';
s/.|\n/$c=&badd(&bmul ($c,256),ord$&)/ge;$_=$k;s/./$r=&bmod(&bmul($r,$r),$x),$&?$r=&bmod(&bmul($r,$c ),$x):0,""/ge;($r,$t)=&bdiv($r,256),$_=pack(C,$t).$_ while$w--+1-2*$d;print}
Source: RSA in 5 lines of perl
Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
via Exclusive: Secret contract tied NSA and security industry pioneer | Reuters.
RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.
An interesting link came up in the Slashdot comment section. From: [Cfrg] Requesting removal of CFRG co-chair
I’d like to request the removal of Kevin Igoe from CFRG co-chair.
The Crypto Forum Research Group is chartered to provide crypto advice to IETF Working Groups. As CFRG co-chair for the last 2 years, Kevin has shaped CFRG discussion and provided CFRG opinion to WGs.
Kevin’s handling of the “Dragonfly” protocol raises doubts that he is performing these duties competently. Additionally, Kevin’s employment with the National Security Agency raises conflict-of-interest concerns.
LOL. No one trusts the NSA anymore.
An RSA public key (e,N) consists of an exponent e and a modulus N. The modulus is the product of two randomly chosen prime numbers p and q. If p and q are known, it is straightforward to derive the private key. However, if they are unknown, one must factor N into p and q, which requires intensive computing resources. However, let’s assume that two keys with modulus N1 and N2 share one of the factors: N1 = p1 x q and N2 = p2 x q. In this case, finding the greatest common divisor of N1 and N2, which is q, is sufficient to factor these two moduli. The task of finding the greatest common divisor of two 1024-bit integers is much simpler than factoring and can be done in microseconds…
This well known vulnerability of RSA can be exploited in the context of low entropy keys. Poor random number generation can indeed lead to multiple keys sharing one of their factors. Heninger found that more than 60’000 keys (approximately 0.5%) they had collected could be factored in this way.
via Quantis Newsletter – September 2012.
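The shared-factor check described in the quoted newsletter, written as an audit over a key inventory. This is an added example, not code from the newsletter or from the study it cites; it goes beyond the pairwise GCD in the text by using a product and remainder tree (batch GCD) so a whole collection is checked in one pass, and the function names and sample moduli (built from Mersenne primes) are constructed for illustration.

```python
from math import gcd, prod

def product_tree(moduli):
    """Return tree levels: level 0 is the moduli, the last level is [product of all]."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels

def batch_gcd(moduli):
    """For every N_i return gcd(N_i, product of all the other moduli)."""
    levels = product_tree(moduli)
    rems = levels.pop()                      # [P], P = product of every modulus
    while levels:
        cur = levels.pop()
        # Remainder tree: each node n receives P mod n^2 from its parent.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(cur)]
    # (P mod N^2) // N equals (P / N) mod N, i.e. the other moduli reduced mod N.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit(moduli):
    """Map index -> (shared_factor, cofactor) for every modulus that is not coprime
    to the rest. A result of (N, 1) means N is a duplicate or shares both primes."""
    findings = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g != 1:
            findings[i] = (g, n // g)
    return findings

if __name__ == "__main__":
    # Constructed sample: Mersenne primes stand in for RSA primes; two keys share Q.
    P1, P2, Q = 2**89 - 1, 2**107 - 1, 2**127 - 1
    inventory = [P1 * Q, (2**61 - 1) * (2**521 - 1), P2 * Q]
    for idx, (g, cof) in audit(inventory).items():
        kind = "duplicate modulus" if cof == 1 else "shared prime"
        print(f"key {idx}: {kind}, gcd is {g.bit_length()} bits; regenerate this key")
```

Any key the audit flags should be regenerated from a properly seeded random number generator, since its private key can be derived by anyone holding the other public key.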