Researchers Find Same RSA Encryption Key Used 28,000 Times

← Back to Stories (view on slashdot.org)

Researchers Find Same RSA Encryption Key Used 28,000 Times

Posted by timothy on Tuesday March 17, 2015 @04:13AM from the well-if-it-workef-for-that-guy dept.

itwbennett writes In the course of trying to find out how many servers and devices are still vulnerable to the Web security flaw known as FREAK, researchers at Royal Holloway of the University of London found something else of interest: Many hosts (either servers or other Internet-connected devices) share the same 512-bit public key. In one egregious example, 28,394 routers running a SSL VPN module all use the same 512-bit public RSA key.

27 of 132 comments (clear)

Min score:

Reason:

Sort:

Know what's worse? Cleartext. by Iamthecheese · 2015-03-17 04:18 · Score: 3, Insightful

This is a real problem and I don't mean to minimize it. But weak encryption is infinitely better than none, and the solution to this is immensely easier than the solution to the many, many wholly unencrypted connections that are happening this very moment. I think we should prioritize getting all connections everywhere encrypted somehow.

--
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
1. Re:Know what's worse? Cleartext. by Anonymous Coward · 2015-03-17 04:46 · Score: 4, Funny
  
  Like this: https://xkcd.com/538/
2. Re:Know what's worse? Cleartext. by 93+Escort+Wagon · 2015-03-17 04:50 · Score: 2
  
  The latter, pretty obviously. Whenever we've heard news about WPA2 exploits trumpeted, invariably it's boiled down to brute forcing very weak passwords - which would be equally problematic for any other encrypted communication method, including ssh.
  
  --
  #DeleteChrome
3. Re:Know what's worse? Cleartext. by msauve · 2015-03-17 04:54 · Score: 4, Insightful
  
  I suspect his problem with it is that he confuses it with WEP.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
4. Re:Know what's worse? Cleartext. by chrysosphinx · 2015-03-17 04:55 · Score: 5, Insightful
  
  Weak, bad or fake encryption is infinitely much worse than none, because it makes people believe they are safe while they are not.
5. Re:Know what's worse? Cleartext. by Charliemopps · 2015-03-17 05:45 · Score: 2
  
  You can crack WPA-2 in a trivial amount of time. I've got a friend in school for security right now... he pulled an app off a public website, got it running on my computer in minutes and before we were done with dinner he had my wifi password. I knew it could be done, but I had no idea there were public tools for doing it, and it would take so little time. The tool even played a little "TaDa!" sound like vintage windows when it had the password. And this wasn't an easy password either. 12 characters, alpha-numeric, special characters, etc...
6. Re:Know what's worse? Cleartext. by the+order+of+His+Maj · 2015-03-17 05:54 · Score: 2
  
  He's probably referring to TKIP and thinking it is the only method available for WPA2.
  
  TKIP has a few vulnerabilities (as detailed here and elsewhere) but as noted in the Wikipedia entry, none of them retrieved the key, and relied on short packets with mostly known content, and were not able to inject many packets (3-7), and the packets they could inject were fairly short (28 bytes, then 596 in a later attack).
  
  None of that sounds at all like WEP's 56bit worthlessness.
  
  While I prefer 1 and 10Gbit wired Ethernet, I have no problem with WPA2-Personal and even WPA is fine for low risk activities, although I have it disabled on all my access points.
  
  (off topic, where in blazes did they hide the setting to change your signature? Damn Dice and their crappy playing around with /. *grumbles*)
  
  --
  __
  ipsa scientia potestas est
  "knowledge itself is power" - Francis Bacon
7. Re:Know what's worse? Cleartext. by TechyImmigrant · 2015-03-17 06:07 · Score: 4, Insightful
  
  You are talking about breaking passwords, not the encryption scheme, which comes later.
  Password -> PMK -> 4 way handshake (session key establishment) -> Authenticated encryption (link cipher).
  A 12 character, alphanumeric + special character password, uniformly generated is about 70 bits of entropy. The pbkdf2 invocation to generate the PMK has 4096 iterations, causing the brute force attack to need to perform on average ~ 2^81 hashes before finding a password. This would not happen over lunch.
  Did your friend's tool actually break WEP instead of WPA-2? Or did you have a weak password? Or were you using a weak EAP method? Or what other form of BS are you talking?
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
8. Re:Know what's worse? Cleartext. by Anonymous Coward · 2015-03-17 06:33 · Score: 2, Funny
  
  Well, you just told us the passphrase ...
9. Re:Know what's worse? Cleartext. by Ginger+Unicorn · 2015-03-17 06:52 · Score: 3, Insightful
  
  Weak or bad encryption is not worse in the situation where the person doesn't care if they're safe, or isn't even aware that there's a safety issue. Which is the vast majority of the time.
  
  --
  (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
10. Re:Know what's worse? Cleartext. by Anonymous Coward · 2015-03-17 08:24 · Score: 2, Informative
  
  Any of the WPS methods will give an attacker the WPA/WPA2 key if he can "authenticate" against them. WPS-PIN is specified in a way that it is likely to result in bad implementations which dramatically reduce the number of PINs an attacker has to try in order to gain access. Many routers used an implementation of WPS-PIN that was flawed that way, and quite a lot of those routers ignored the "WPS off" switch in the web interface and always offered their flawed WPS-PIN method. Additionally, even if WPS-PIN is implemented the correct way, it is no match for the security of WPA/WPA2: A seven character numeric PIN (the eighth digit is a checksum) has only 23 bits of entropy, and on many routers that's all that stands between an attacker and your 128bit WPA/WPA2 preshared key, particularly on those which don't rate-limit WPS-PIN tries.
  WPS is only irrelevant if it is (actually) disabled.
11. Re:Know what's worse? Cleartext. by ericloewe · 2015-03-17 09:41 · Score: 2
  
  WPS never really worked well, with ultra-crummy driver support on the device end.
  Disabling WPS-PIN really is no loss.
So Out Them! by bill_mcgonigle · 2015-03-17 04:25 · Score: 3, Interesting

"That's just laziness on the part of a manufacturer," Paterson said in a phone interview. "This is cardinal sin."

Then it deserves at least social shaming and ostracism, if not worse than those minor responses to venial sins. Protecting the manufacturers only creates an environment where the incentives are aligned for them to do it again. If manufacturers aren't keenly aware that they need to protect their reputation, then they will cut every corner that doesn't provide them a competitive advantage.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
this whole "security" thing is bogus by swschrad · 2015-03-17 04:25 · Score: 2

there is no such thing as security any more using the common models and parameters. got to step it up, without fallback to silliness like 512 bit keys. the bigger problem is nobody has been bankrupted and sent to jail yet, so the impetus is not there to fix it as the first priority of business.

--
if this is supposed to be a new economy, how come they still want my old fashioned money?
I imagine .... by PPH · 2015-03-17 04:30 · Score: 4, Insightful

... some vendor built a router or server up to the point of generating the public/private key pair, tested it, saved the image and started copying it to production units.
Similar mistake have been made before.

--
Have gnu, will travel.
Poor first sentence by in10se · 2015-03-17 04:34 · Score: 5, Informative

First line of the article:
"What if the key to your house was shared with 28,000 other homes?"
The fact is, you very well might share the key to your house with more than 28000 other homes. Common lock brands you can buy at Home Depot, Lowe's, etc. create a surprisingly low number of different key/tumbler combinations.

--
Popisms.com - Connecting pop culture
1. Re:Poor first sentence by bobbied · 2015-03-17 04:45 · Score: 3, Insightful
  
  So having a lock really is an advantage... Well, actually it doesn't matter to a thief anyway.
  I once had the window broken in my car so they could steal my wife's purse... The doors where unlocked, but they broke the window anyway.
  I guess the issue here is that the "key" is easily changed in this case. You don't need to have the guy at the home improvement store rekey it for you...
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
2. Re:Poor first sentence by 93+Escort+Wagon · 2015-03-17 04:55 · Score: 4, Funny
  
  Cars, too.
  Funny anecdote: Quite some years ago, my wife and I were over at another couple's house for our semi-regular game of Pinocle. After we called it an evening, I went out the door and accidentally got into their Ford Escort (at the time, they owned one that was a very similar color to ours - plus it was night). They stood there and laughed at me... and then I started their car with my key.
  
  --
  #DeleteChrome
3. Re:Poor first sentence by Snotnose · 2015-03-17 05:05 · Score: 2
  
  First line of the article: "What if the key to your house was shared with 28,000 other homes?"
  Several years ago I found myself in this situation. I worked night shift, getting home between 2-3 AM. One night I unlocked my door, opened it, and just had time to think "WTF, this isn't my living room" when some guy came running up with "hey, who are you!!!".
  The place I was renting was WW2 era housing, a group of rectangular buildings next to each other, each with 8 apts (think | | | | | |). I had the upper unit in the back, turns out my key worked on *every* upper back unit in each building. Talked to one of my neighbors, his key also worked in every building that corresponded to his unit.
  Trust me, we all had new locks within 24 hours.
4. Re:Poor first sentence by Greyfox · 2015-03-17 05:18 · Score: 2
  
  Yeah, I replaced the locks on a couple of doors a couple of years ago and was surprised to find the new key worked just as well on a couple of the other locks that I hadn't replaced. Actually not that surprised, really. There aren't that many tumblers and not that many combinations of them. The keys to your house would probably work on a lot more than 28,000 doors across the country, if you tried them. I wouldn't suggest trying them, though. That'll get you shot in a lot of places.
  Fact of the matter is, locks aren't much of a discouragement at all. A criminal is just as likely to break a window or kick a door down to get in. My parents have been robbed a couple of times over the years. The first time, the robbers came in through a bedroom window that I believe was not locked. It wasn't broken, in any event. The second time, more recently, the robbers just kicked their door down.
  The best thing to do is make your house a less inviting target than your neighbor's house. But lock and home security is a whole other slashdot story!
  
  --
  I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
5. Re:Poor first sentence by Obfuscant · 2015-03-17 05:31 · Score: 4, Informative
  
  turns out my key worked on *every* upper back unit in each building.
  
  That's just lazy on the part of your landlord. It's easier for him if all his units share the same lock so he has only one key to carry around.
  But common house keys? Yes, relatively few "combinations". I'm looking at mine, bought from a big-box home outlet store. Five lands -- that's the flat areas where the pins rest when the key is inserted. I didn't count them when I rekeyed my locks, but it's about five pin lengths. Let's see, 5^5 is 3125 different keys. Six pin lengths would be only about 15,000 different sets.
  My work keys have 6 or 7 lands, but the security of those is reduced because each pin has at least two valid lengths. There is actually a published method for taking a bunch of key blanks and a valid key and figuring out the master.
  If you want to know how locks work, go buy a new lock for a house and the rekey kit for it. It's fun. While each kit is "different" (or is supposed to be), with a bit of looking you can find two kits with the same pin lengths just in a different order so you can rekey two locks the same. (The kits I bought had colors for the pins.)
  For cars, I heard a long time ago that Toyotas were prime theft targets not because of the value but because there were a limited number of dealer master keys and the crooks had copies.
6. Re:Poor first sentence by karolgajewski · 2015-03-17 07:48 · Score: 2
  
  Hmm... sounds like a key party rather than an unlikely occurrence.
  
  --
  - .k. -
7. Re:Poor first sentence by Cramer · 2015-03-17 10:38 · Score: 2
  
  That had to be a long time ago. Today, even 'tho the key fits and turns, the electronic security codes won't match. (assuming there is a traditional key.)
  That said, my '84 Ford and my sister's '90 Ford had the same ignition key, but different door keys. That's before such electronic security, and when there was a "door" key.
So easy to find by kooky45 · 2015-03-17 04:37 · Score: 4, Interesting

Just scanned the /16 next to my home broadband and found a number of repeated certificate hashes and all belonging to systems identifying themselves as
*.myfoscam.org/organizationName=ShenZhen Foscam Intelligent Technology Co,Ltd
Seems to be a network enabled camera.
1. Re:So easy to find by kooky45 · 2015-03-17 05:12 · Score: 3, Interesting
  
  And done the /8 now and another common ones are
  commonName=UBNT/organizationName=Ubiquiti Networks Inc.
  commonName=TS Series NAS/organizationName=QNAP Systems Inc.
  commonName=Vigor Router/organizationName=DrayTek Corp.
  commonName=homenet.telecomitalia.it/organizationName=TELECOM ITALIA SPA
  commonName=localdomain/organizationName=Axentraserver Default Certificate 863B4AB
  In fact, there are duplicate hashes appearing all over the place so it's an endemic problem.
Re:That's money savings by Imagix · 2015-03-17 04:58 · Score: 2

Ahem. Unlike you, manufacturers can get keys which can sign other keys. Which means they can buy 1 key and generate as many sub-keys as they like.
Re:That's money savings by tburkhol · 2015-03-17 05:23 · Score: 2

These are not certificates. They're not validated by any trusted authority. These are host keys: you generate them yourself for the cost of electricity. You could have your router generate its own keys the first time it starts up for the cost of a couple seconds delay.