Experts: RSA weak keys flaw restricted to network devices

Anonymous Coward

What do you mean, RSA package?

In context, RSA is an algorithm, one widely taught (like, highschool math masterclasses), well-known, available. RSA-the-company was founded by the same people that cooked up the algorithm, but that doesn't mean each implementation has their hand in it, or even their blessing. This spat isn't nearly as connected to them as, say, the break-in that compromised their remote login security keyfobs.

Generally you'd want a *good* source of random numbers, and a PRNG almost by definition disqualifies itself (the "pseudo" bit), though with all sorts of clever tricks it is possible to get something less awfully bad than the old "rand()" found in historical libcs, where you need to discard the lower 12 bits to get something vaguely usable even for, say, games. Modern unices, say, will "gather entropy", possibly even keep it across reboots, and provide a reasonable source of random numbers, possibly with hardware assistance if available. You pretty much need OS support (drivers) for that last bit. Some programs bring their own random number generators, especially if the OS isn't known to provide good support.

The problem with these embedded devices is that at first start-up, they haven't been running very long and as such the random numbers they generate then aren't very good at all, even if your PRNG isn't unreasonable. And that's the point at which these certificates tend to be generated.

So, who's responsible? The embedded system designers, basically. Could chalk it down to an oversight, and an object lesson in how tiny details can wreak havoc upon an otherwise perfectly good plan, especially when crypto is involved. This sort of thing is exactly why random numbers are important.


Back to the forum


Biting the hand that feeds IT © 1998–2018