Today In Accidental Insecurity

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Phuctor reported popping keys 6EF3D2C0BA64734A3C0425B21EB0CAA26FE81A7C and EFD9448A5FE501B107C32AD15AB4C1237924BE94 at 20:32:51 GMT yesterday. 

The shared factor is

3100568694595076734686979820330253089614865506425934747234722044220976925441335217738426027833105034245
6445126481343091027696015873408329180286505324090208791356401685488632594573639626011967028852284987701
0967115630719364594515514565864083475198410533100792088012571668579091700397319607658923685438658044430
5286529066624341477320563024789004984638956787358622173523575700630550890562046936247939825607494279930
3909984882283079716566423141876709031507883553455452314931202170711277559709938918157034624428381091843
733176552634481080290679291021661954570523305447050841482495845936945694373844932850748050349261100319

which appears to be a prime number.

The exponent and other metadata associated with the keys seem intact. Apparently the modules in question belong to the 2016 and 2015 signing keys of an entity identifying itself as "seclab@airgapped.sec.t-labs.tu-berlin.de", which in the biosphere maps to TU Berlin (Technische Universitat Berlin)'s "Institut Fur Softwaretechnick und Theoretische Informatik"'s IT Security Lab, an entity with long running connections to the BND (Germany's version of the NSA) as well as a substantial trail of published CompSec papers. 

The keys had been submitted that same day at 13:50:45.642313 via the self-serve web interface, and were factored immediately thereafter because of the shared factor.

Peace in our time.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJYKhfbAAoJEFq0wSN5JL6UDfkQAJ7gcI1tNyYZimZ1N9BxRXu3
tftSv1aPGe8zEUYzZVSrk6dIp9sm0AjqxtDG56179Gz+RkQ8ydHgKd6qOwHOPz+I
gsjqB9uU8XqxH83mN33JjW70I7/ZGH/S+H1e+zxeBzORwaXdA2KEXw4xaypU4mzV
IcOP/xIfrN7+aoe0DeEgRsvDEBsJA3GnN90P3T5VbHNrOQZuy6kbYi63FRDWXT5j
h3FZ25TL5WajBorz0Klzf3UN5kV59TpQsXmQj3jtgeG0Mxaq328qnHGDxIIGIvXJ
wFojfkdJUfXg6AMW30txdCEfGb90SOiDxLtVCyXBiONhZ0b6Y/EAqU33bPVIoN3S
hksBKH4OA4IFPTnh1rJhiC9jAehQFiBj/NzXAsAZsDsYHK0XirQ4jxsmPmywMIRR
SAy1j+RgXla9XPUyj7Ha8Zgmd+BDpKUqj8CRVdQe+PDNYTk/J7TYFRLCEw9rZ6Tp
671/xDb7CDpnXJperJCts5L9k71ELmvg2FyPoQMitmhKFV73VXup4kfcylYOhJIP
qRRtS+2VyRKetfaNZ4pACqy1BGivkAtLMZrojQppAAD/K0axLBGFhkxlmsWJdrI0
q5piCtxQeCb+VtwFqN9ei/eu9YMKkn9RIxZdwhCNmVkBWcOZGYlYa80pzKRuJzFL
FYxTT+UTb7lJr9tuabVp
=aVsu
-----END PGP SIGNATURE-----

PS the pubkey is here for your amusement : 

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBFaFwYABEADtmRfrcv5LKDukO9mPFj3FMx1H3e73MZ0eM5qyzL+pEuekHA8C
YoyFilEVeNFzoKtCXfv+PVDSeWSaBIfKHv807iILwTsgfyOC121BTshJeE39Tchs
W08brGCXbXN9sBiruU4U9Mkc7422tqSe1+zjHQVCgakiJOutmcm6/ZtJMbMTXg4D
rlVVlRK6Q3JQcP/5kSgx1Jp3wu7v3htVfGhFFm1AGu2vc9167+KmwfWpC3piIHa5
fx+uhZdSXc2miG9za3OZDjcaXEJOgC5um4RpmKbc4Kj04hl2GTc/ll3aRu6O5HqE
yyBxMhwOxBhlAvoD7fSmNDcGlEDRt4iJ9o7e35NWuLVd9ltduzWP8GBu610VtKQz
0IKjX7zflal1Yd4MmbTyB/MmxUzRQJP3fiBjx4KhSm38fkWADNh+gA0th1mV/wHT
VAKSclKD7farx4xPWrp0IrVjBx4s+yLgmSzL3fjPlmz27uqOoVYXdcwX2IynOizK
S8QVHTgJh7rFJuOVtdAfmExJtbkc0HzkN++btdejX7CZAy+Lwq/LyL7wBnKIM3gp
8eVocX+Z0sDxOiNzL3EeIN79b4VTPGrCk0uUaiVuhHKzpLJMsw/y0sWVmEZCXO6B
72OLTwVIUAV0N78ut7yjTpZxJTeJya0k+uk35lp8SFDOwrwxFMt6aKeGAQARAQAB
tEJTZWNsYWIgU2lnbmluZyBLZXkgMjAxNiA8c2VjbGFiQGFpcmdhcHBlZC5zZWMu
dC1sYWJzLnR1LWJlcmxpbi5kZT6JAj4EEwECACgFAlaFwYACGwMFCQH0+gAGCwkI
BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFq0wSN5JL6UYRAQAIpbEAL2rOsn5tQY
bo3KvR/eC8FFPZ8B3KyP+RMbhA0hV+H68sonkXQdx2xLsr9+umZ1QscXLSv5bDTp
gTCsSJ4q2/PMzKtXSPtp8bki6BAIrNfVnEncJ9IE/YzhOhDZmGEgMoEenxR4/Pwx
Po/xd/Vva4mIwI3U41js1MyzVQNHJQkO0KVsRxpTLcaJCGwgrPpn3vEmFXp1diEZ
AcBZvNAlQFPNn7Lurk5Rh8zUsIVAbuIDNTFLfb03GPK+oq/aTfjG4cAaldyWb9T9
E4me9wCjmgfrKjem0pqVNKBPL6sv0xH6BakPkj7FxFMDanaXStcH/3Po5DL0JvtT
xc8SS+elFresfaoymq3wL98ES4aTlEXsxjw0StYZmaneeUHUW6iAnkvp3kxrwKbg
xYczM/zSi86Mrw/rihW77VuyrKMJvbD+XNhjBAjnemPkvBg4REk53Y432q7YoKIs
o3591XH8E3TzbvXJ5tlkiD/NLQX7KxkUBlSUsPIVOhCPoyqAD/28X345gf4Ciazo
jZ4XfY/0gZA8aPIJpSKigDR7cbQp23jtk1SLnQhMqrv5k4l+5Jd/W9yy5/RAmEtz
CmFPdtAHK4+wKK7LZdYKbeKQuB77w8yEQqo3Cd+UzoINUXbXvm8HlXJPXOE/wd54
u4nn1epDxJbiu+tyfJgebGaP8y4Q
=I1WF
-----END PGP PUBLIC KEY BLOCK-----

6 thoughts on “Today In Accidental Insecurity

  1. This just in:


    Date: Mon, 14 Nov 2016 21:07:48 +0100
    From: Jan Nordholz
    To: [snip]
    Subject: Re: PGP key factored

    Hi,

    > A PGP key appearing to belong to your organization has been publicly factored,
    >
    > http://phuctor.nosuchlabs.com/gpgkey/341F5F22B677175F46A2C6F87A2F74BADC483E18EB1E656570344DD213EE327C

    just for the record: you've apparently been used by (at least) one of our
    students who couldn't be bothered to run (11*10)/2 Euclids on his own. The
    two keys sharing a prime factor belong to an 11-key training set we use in
    one of our courses (and which will never be exposed to the public anyway).

    Thanks for the notice and best regards,

    Jan Nordholz, TU Berlin

    • Nice story, thanks for sharing.

      The topic of today's discussion however is "How were these keys generated ?"

      As riveting as unverifiable anecdotes may be, let's try and stick to it.

  2. Lol this is easily the best "unhappen" yet. So as the story goes, a secret key that exists and is regularily updated since 2006 suddenly — but deliberately! — gets a shared factor in 2016, as part of a didactic exercise which consists of doing euclids and other calisthenics. As a sub-plot thickener, it is for the first time announced that it takes 11*10/2 operations to obtain a 600+ digit prime factor in Berlin, which is somewhat cheaper than anywhere else.

    We are entertaint.

  3. "As a sub-plot thickener, it is for the first time announced that it takes 11*10/2 operations to obtain a 600+ digit prime factor in Berlin, which is somewhat cheaper than anywhere else."

    If you have 11 moduli, and you GCD() each pair, how many times do you have to call GCD()?

    Answer: 55 times.

    Unless you live in Anon's Derpcity of course, where stupid tax is due.

Leave a Reply to Anon Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>