Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
- 講者Nadia Heninger 博士 (Microsoft Research New England)
邀請人:楊柏因 - 時間2012-11-14 (Wed.) 14:00 ~ 15:00
- 地點資訊所新館106演講廳
摘要
We performed the largest ever network survey of TLS and SSH servers and found that a surprisingly large fraction of cryptographic keys in our survey were vulnerable or completely compromised due to faulty implementations of random number generators. We were able to cluster and investigate the vulnerable hosts, finding that the vast majority were headless or embedded devices. In this talk, I will describe how RSA and DSA can fail catastrophically when used with malfunctioning random number generators, how we uncovered these problems, and discuss specific software behaviors that induce them. Finally, I will suggest defenses and draw lessons for developers, users, and the security community.