Re: openssl-blacklist & two keys per one pid

To: Florian Weimer <fw@deneb.enyo.de>
Cc: Jan Tomasek <jan@tomasek.cz>, Kees Cook <kees@ubuntu.com>, Jamie Strandboge <jamie@ubuntu.com>, debian-security@lists.debian.org
Subject: Re: openssl-blacklist & two keys per one pid
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
Date: Tue, 20 May 2008 11:42:13 +0200
Message-id: <[🔎] 6C7F66DB-D41C-4997-A1D8-C982944DE5D2@webweaving.org>
In-reply-to: <[🔎] 874p8urs0s.fsf@mid.deneb.enyo.de>
References: <[🔎] 4830B725.7070104@tomasek.cz> <[🔎] 20080518233458.GF12850@outflux.net> <[🔎] 874p8u5vyx.fsf@mid.deneb.enyo.de> <[🔎] 451143B7-9F52-4826-88DE-9FC8E48E27B8@webweaving.org> <[🔎] 87prri314b.fsf@mid.deneb.enyo.de> <[🔎] 3B800331-AD38-4AB7-868F-8B94AFDB65B5@webweaving.org> <[🔎] 87wslq1ll5.fsf@mid.deneb.enyo.de> <[🔎] E22FA658-464C-480E-B312-BE899EFFC630@webweaving.org> <[🔎] 4831D767.3090704@tomasek.cz> <[🔎] 874p8urs0s.fsf@mid.deneb.enyo.de>


On May 19, 2008, at 9:52 PM,  Jan Tomasek <Florian Weimer> wrote:

I do not trust dowkd.pl script because
it lacks info where keys were taken.

...

We did not want to publish this information in order to give system.

Do bear in mind that the public key consists of 1) the modulus and 2)the public (or encryption) exponent; whereasthe private key consists of, again, 1) the modulus and 2) the private(or decryption) exponent which must be kept secret.


They are called n and e and n and d respectively in most literature.

So note that the Modulus is in BOTH - and hence is known on the'outside'** regardless which way round RSA is used.

Thus sharing*** the Modulus is not exactly that troublesome; andbuilding trust by making your results verifiable* is probably moreimportant - given that the bad guys got a 5 days headstart -and-generating a keyspace takes not much time.


Dw

*: lots of eyes makes bugs shallow, allow for spot checks, etc.

**: For those on IRC which where not convinced; try openssl s_client -connect www.amazon.com:443 -showcerts | openssl x509 -noout -modulus(which will only show the first - pipe to file to get all).***: The private key is sometimes stored in a different form, as thep,q factors of n - in which case all aspects of the private key aresensitive - people occasionally assume that that makes the modulussensitive too.

Reply to:

References:
- openssl-blacklist & two keys per one pid
  - From: Jan Tomasek <jan@tomasek.cz>
- Re: openssl-blacklist & two keys per one pid
  - From: Kees Cook <kees@ubuntu.com>
- Re: openssl-blacklist & two keys per one pid
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: openssl-blacklist & two keys per one pid
  - From: Dirk-Willem van Gulik <dirkx@webweaving.org>
- Re: openssl-blacklist & two keys per one pid
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: openssl-blacklist & two keys per one pid
  - From: Dirk-Willem van Gulik <dirkx@webweaving.org>
- Re: openssl-blacklist & two keys per one pid
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: openssl-blacklist & two keys per one pid
  - From: Dirk-Willem van Gulik <dirkx@webweaving.org>
- Re: openssl-blacklist & two keys per one pid
  - From: Jan Tomasek <jan@tomasek.cz>
- Re: openssl-blacklist & two keys per one pid
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: openssh remote upgrade procedure?
Next by Date: Re: openssh remote upgrade procedure?
Previous by thread: Re: openssl-blacklist & two keys per one pid
Next by thread: Re: openssl-blacklist & two keys per one pid
Index(es):
- Date
- Thread