CARVIEW

MOTORHOMES

Select Language

HTTP/2 200 server: GitHub.com content-type: text/html; charset=utf-8 last-modified: Sun, 07 Apr 2019 16:52:02 GMT access-control-allow-origin: * etag: W/"5caa2ab2-14e9" expires: Sun, 28 Dec 2025 00:02:55 GMT cache-control: max-age=600 content-encoding: gzip x-proxy-cache: MISS x-github-request-id: C151:36A0B4:7169A3:7ECB97:69507151 accept-ranges: bytes age: 0 date: Sat, 27 Dec 2025 23:52:55 GMT via: 1.1 varnish x-served-by: cache-bom-vanm7210084-BOM x-cache: MISS x-cache-hits: 0 x-timer: S1766879575.253292,VS0,VE203 vary: Accept-Encoding x-fastly-request-id: 51a1ca8757aa66eb102a6e63b8155afafb19ea4b content-length: 2152 Widespread Weak Keys in Network Devices - factorable.net

Widespread Weak Keys in Network Devices

We performed a large-scale study of RSA and DSA cryptographic keys in use on the Internet and discovered that significant numbers of keys are insecure due to insufficient randomness. These keys are being used to secure TLS (HTTPS) and SSH connections for hundreds of thousands of hosts.

We found that 5.57% of TLS hosts and 9.60% of SSH hosts share public keys in an apparently vulnerable manner, due to either insufficient randomness during key generation or device default keys.
We were able to remotely obtain the RSA private keys for 0.50% of TLS hosts and 0.03% of SSH hosts because their public keys shared nontrivial common factors due to poor randomness.
We were able to remotely obtain the DSA private keys for 1.03% of SSH hosts due to repeated signature randomness.

Nearly all the vulnerable hosts are headless and embedded network devices, such as routers, firewalls, and server management cards. These types of devices often generate keys automatically on first boot, and lack many of the physical sources of randomness used by traditional PCs to generate random numbers. We identified apparently vulnerable devices and software from 54 manufacturers and notified these companies about the problems.

In experiments with several popular open-source software components, we were able to reproduce these vulnerabilities and show how such weak keys can arise in practice. Most critically, we found that the Linux random number generator can produce predictable output at boot under certain conditions, although we also observed compromised keys on BSD and Windows-based systems.

Learn more:

Research Paper FAQ

The Team

This study was performed by computer scientists at the University of California, San Diego and the University of Michigan.

Nadia Heninger, Postdoctoral Fellow, UC San Diego
Zakir Durumeric, Ph.D. Student, University of Michigan
Eric Wustrow, Ph.D. Student, University of Michigan
J. Alex Halderman, Assistant Professor, University of Michigan

The research team can be reached at factorable@umich.edu.

Original Source | Taken Source