[Sks-devel] Analyzing key server data

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sks-devel] Analyzing key server data

From:	Hanno Böck
Subject:	[Sks-devel] Analyzing key server data
Date:	Sun, 22 Mar 2015 12:58:48 +0100

Hi,

I think this could be interesting for a couple of people:

I had a project running in private for quite a while, I now published
the details: I wrote a script that analyzes the dumps from key servers
and puts the crypto values into a mysql database.

This can be used to search for vulnerable keys or signatures on large
scale. I did this for two potential threats: DSA signatures with
duplicate k values and RSA keys with shared factors.

The overall result is a good one: It seems OpenPGP implementations with
completely broken random number generators exist, but they are a rare
thing.

Code:
https://github.com/hannob/pgpecosystem

Background paper:
http://eprint.iacr.org/2015/262

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: address@hidden
GPG: BBB51E42

pgpSCYVmo2oVU.pgp
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Analyzing key server data, Hanno Böck <=
- Re: [Sks-devel] Analyzing key server data, Daniel Roesler, 2015/03/22
  - Re: [Sks-devel] Analyzing key server data, Daniel Kahn Gillmor, 2015/03/22

Prev by Date: [Sks-devel] keyserver.pch.net updated
Next by Date: Re: [Sks-devel] Analyzing key server data
Previous by thread: [Sks-devel] keyserver.pch.net updated
Next by thread: Re: [Sks-devel] Analyzing key server data
Index(es):
- Date
- Thread