-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Phuctor reported popping keys 6EF3D2C0BA64734A3C0425B21EB0CAA26FE81A7C and EFD9448A5FE501B107C32AD15AB4C1237924BE94 at 20:32:51 GMT yesterday. The shared factor is
3100568694595076734686979820330253089614865506425934747234722044220976925441335217738426027833105034245
6445126481343091027696015873408329180286505324090208791356401685488632594573639626011967028852284987701
0967115630719364594515514565864083475198410533100792088012571668579091700397319607658923685438658044430
5286529066624341477320563024789004984638956787358622173523575700630550890562046936247939825607494279930
3909984882283079716566423141876709031507883553455452314931202170711277559709938918157034624428381091843
733176552634481080290679291021661954570523305447050841482495845936945694373844932850748050349261100319
which appears to be a prime number. The exponent and other metadata associated with the keys seem intact.
Apparently the moduli in question belong to the 2016 and 2015 signing keys of an entity identifying itself as "seclab@airgapped.sec.t-labs.tu-berlin.de", which in the biosphere maps to TU Berlin (Technische Universität Berlin)'s "Institut für Softwaretechnik und Theoretische Informatik"'s IT Security Lab, an entity with long-running connections to the BND (Germany's version of the NSA) as well as a substantial trail of published CompSec papers.
The keys had been submitted that same day at 13:50:45.642313 via the self-serve web interface, and were factored immediately thereafter because of the shared factor.
Peace in our time.
PS the pubkey is here for your amusement :
This just in:
Date: Mon, 14 Nov 2016 21:07:48 +0100
From: Jan Nordholz
To: [snip]
Subject: Re: PGP key factored
Hi,
> A PGP key appearing to belong to your organization has been publicly factored,
>
> http://phuctor.nosuchlabs.com/gpgkey/341F5F22B677175F46A2C6F87A2F74BADC483E18EB1E656570344DD213EE327C
just for the record: you've apparently been used by (at least) one of our
students who couldn't be bothered to run (11*10)/2 Euclids on his own. The
two keys sharing a prime factor belong to an 11-key training set we use in
one of our courses (and which will never be exposed to the public anyway).
Thanks for the notice and best regards,
Jan Nordholz, TU Berlin
Nice story, thanks for sharing.
The topic of today's discussion however is "How were these keys generated ?"
As riveting as unverifiable anecdotes may be, let's try and stick to it.
Lol this is easily the best "unhappen" yet. So as the story goes, a secret key that exists and is regularly updated since 2006 suddenly — but deliberately! — gets a shared factor in 2016, as part of a didactic exercise which consists of doing euclids and other calisthenics. As a sub-plot thickener, it is for the first time announced that it takes 11*10/2 operations to obtain a 600+ digit prime factor in Berlin, which is somewhat cheaper than anywhere else.
We are entertaint.
The "unhappenings" are always my favourite part of this business.
"As a sub-plot thickener, it is for the first time announced that it takes 11*10/2 operations to obtain a 600+ digit prime factor in Berlin, which is somewhat cheaper than anywhere else."
If you have 11 moduli, and you GCD() each pair, how many times do you have to call GCD()?
Answer: 55 times.
Unless you live in Anon's Derpcity of course, where stupid tax is due.
And what happens if you run the 2015/2016 pair first ?
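The pairwise check discussed in the comments above, as an added example (not code from the post, from Phuctor, or from any commenter): it runs gcd() over every pair in a key set, counts the calls, and reports any shared factor or duplicate modulus. The moduli are constructed toy values built from small primes, and the function name, the `stop_at_first` parameter and the finding layout are assumptions of this example.

```python
from itertools import combinations
from math import gcd

# Constructed toy data: 21 small primes standing in for real RSA primes.
PRIMES = [101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
          157, 163, 167, 173, 179, 181, 191, 193, 197, 199]
# Eleven moduli; only the last two (indices 9 and 10) share a prime, 197.
MODULI = [PRIMES[2 * k] * PRIMES[2 * k + 1] for k in range(10)]
MODULI.append(PRIMES[19] * PRIMES[20])


def audit_moduli(moduli, stop_at_first=False):
    """Pairwise-GCD audit of a set of RSA moduli.

    Returns (findings, calls). Each finding is (i, j, kind, g): moduli i and j
    have gcd g > 1. kind is "shared-factor" when g factors both moduli, or
    "duplicate" when the same modulus appears twice (flagged, but its factors
    are not revealed). calls counts the gcd() invocations performed.
    """
    findings, calls = [], 0
    for (i, a), (j, b) in combinations(enumerate(moduli), 2):
        calls += 1
        g = gcd(a, b)
        if g == 1:
            continue  # coprime pair: nothing learned about either key
        kind = "duplicate" if a == b else "shared-factor"
        findings.append((i, j, kind, g))
        if stop_at_first:
            break
    return findings, calls


if __name__ == "__main__":
    # Exhaustive audit: n*(n-1)/2 calls, i.e. 55 for 11 moduli.
    findings, calls = audit_moduli(MODULI)
    print(f"{len(MODULI)} moduli, {calls} gcd() calls")
    for i, j, kind, g in findings:
        print(f"keys {i} and {j}: {kind}, g={g}, "
              f"cofactors {MODULI[i] // g} and {MODULI[j] // g}")
    # Same set, affected pair tested first, stopping at the first hit.
    _, calls = audit_moduli(MODULI[::-1], stop_at_first=True)
    print(f"affected pair tested first: {calls} gcd() call")
```

A "shared-factor" finding means both private keys follow from one division each, so both keys are to be treated as compromised and replaced, not only the newer one.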