Cryptographic keys generated with older software now owned by technology company Rambus are weak enough to be broken instantly using commodity hardware, researcher Hanno Böck reported on Monday.
The software comes from a basic version of the SafeZone Crypto Libraries, which were acquired by Rambus as part of a 2019 acquisition.
Böck says that the vulnerable SafeZone library doesn't sufficiently randomize the two prime numbers it used to generate RSA keys. Instead, after the SafeZone tool selects one prime number, it chooses a prime in close proximity as the second one needed to form the key.
Cryptographers have long known that RSA keys that are generated with primes that are too close together can be broken with Fermat's factorization method, first described by French mathematician Pierre de Fermat in 1643.
From Ars Technica
View Full Article