On Sat, May 31, 2008 at 09:32:54PM +0200, Yves Rutschle wrote:
> On Wed, May 28, 2008 at 07:55:35PM +1200, Deane Sloan wrote:
> > Finally - how real is this concern? What is the probability that say a
> > 2048bit generated key could fall into the 32,767 keys in the metasploit
> > SSH example on unaffected systems?
>
> 32,768 = 2^15
>
> number of 2048 bit keys: 2^2048
No, not all possible 2048 bit numbers are sensible RSA moduli. The
modulus is a product of 2 1024-bit primes, whose density can be estimated
via the Prime Number Theorem. Don't recall whether the primes used in
practice have additional properties that further reduce their density.
In any case the prime density is ~1/ln(N) and if estimate e ~= 2, only
one in 1000 numbers of that size is prime, so there are ~20 bits fewer
RSA moduli (crude estimate ~2028 bits). And subtracting 15 from that,
we now get down to 2013 bits, which is still absurdly large.
How many bits of random data are taken from the RNG to generate the two
primes? If it is less that ~1000 bits each, the key-space bit count is
the number of bits random data used, not the size of the primes.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
