The security firm Keyfactor recently presented information proving that about 250,000 RSA keys are vulnerable to compromise.
The report was based on the examination of 175 million RSA certificates and keys. Researchers mined active and publicly available RSA keys to identify any common factors. Keyfactor said any keys sharing one of their prime factors with another key are compromised by this technique.
In the end, 435,000 certificates were found to have a shared factor from which researchers were able to re-derive the private key.
"In a real-world attack scenario, a threat actor with a re-derived private key for an SSL/TLS server certificate could impersonate that server when devices attempt to connect," said JD Kilgallin, senior integration engineer and researcher at Keyfactor. "The connecting user or device cannot distinguish the attacker from the legitimate certificate holder, opening the door to critical device malfunction or exposure of sensitive data."
An RSA spokesperson told SC Media "the RSA algorithm has stood the test of time for more than 40 years and typically when one finds a purported weakness, it is rarely endemic to the algorithm. Instead, a weakness might be introduced when translating the mathematical ideas into computer code. Issues with specific implementations of the RSA algorithm are not indicative of problems with RSA products."
The findings were released at the first IEEE Conference on Trust, Privacy and Security in Intelligent Systems and Applications on December 14.
The 175 million certificates were gathered using Keyfactor's SSL/TLS certificate discovery capabilities, along with 100 million available through certificate transparency logs, and analyzed on a single virtual machine in Microsoft Azure, using Keyfactor's scalable GCD algorithm to find shared factors.
The Keyfactor researchers noted that if the certificates were exploited, the damage could be massive, considering the number of IoT and other connected devices.
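The shared-factor check described above can be run as an audit of an organization's own key inventory. The following is an added example, not Keyfactor's code: it uses the publicly documented batch-GCD method (product tree plus remainder tree), the function names are illustrative, and the toy moduli are constructed for the demonstration.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of the product tree: leaves first, full product last."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels

def batch_gcd(moduli):
    """Return gcd(N_i, product of all other moduli) for every N_i."""
    levels = product_tree(moduli)
    rems = levels.pop()                  # [P], where P is the product of all moduli
    while levels:
        cur = levels.pop()
        # Push P down the tree, reducing modulo the square of each node.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(cur)]
    # (P mod N^2) / N equals (P / N) mod N: the other moduli's product mod N.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit(moduli):
    """Map each weak modulus to the factor it shares with another key.

    A value equal to the modulus itself means both of its primes also
    appear in other keys; any value above 1 means the key must be replaced.
    """
    unique = list(dict.fromkeys(moduli))  # the same key may sit in many certificates
    return {n: g for n, g in zip(unique, batch_gcd(unique)) if g > 1}

# Constructed toy inventory (real RSA moduli are 2048 bits or more).
# The first two moduli share the prime 101; the last entry is a duplicate key.
SAMPLE = [101 * 103, 101 * 107, 109 * 113, 127 * 131, 109 * 113]

if __name__ == "__main__":
    for n, g in audit(SAMPLE).items():
        print(f"modulus {n} shares factor {g} with another key: rotate it")
```

Duplicate moduli are collapsed before the check because a modulus compared against its own copy would always be reported as sharing a factor.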
“The research stresses the importance of security best practices, random number generation for connected systems and use of cryptography to securely install firmware and software updates through the lifecycle of the device,” the company said.