Weak RSA Moduli bug

Recently, researchers reported flaws in the public keys in certificates on the Internet. Here is an excellent blog post on the issue, with pointers back to the original two articles that discuss the problem.

http://dankaminsky.com/2012/02/17/primalfear/

Read the blog article and write a 1/2 page summary on what you learned. This article refers to many of the topics we have been learning about in RSA and certificates.

Ideas of questions you might answer in your brief response:

• What is the error that was discovered?
• How serious is the problem in practice?
• What lessons did you learn from this incident?
• What questions arose from your reading of the article?

Update Fall 2016

The weak RSA moduli bug is getting a bit dated. Here are some other attacks from the past few years that you might explore instead. You can answer the same set of questions for one of these attacks. Please cite all the sources that you use.

• Drown attack https://drownattack.com/
• BEAST
• FREAK
• Logjam
• Heartbleed

You can find some starting info in the TLS wiki page for these attacks

https://en.wikipedia.org/wiki/Transport_Layer_Security#Attacks_against_TLS.2FSSL