Mining Your Ps and Qs_ Detection of挖掘你的Ps and Qs策略.pdfVIP

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices Nadia Heninger† Zakir Durumeric‡ Eric Wustrow‡ J. Alex Halderman‡ † University of California, San Diego ‡ The University of Michigan nadiah@ {zakir, ewust, jhalderm}@ Abstract expect that today’s widely used operating systems and RSA and DSA can fail catastrophically when used with server software generate random numbers securely. In this malfunctioning random number generators, but the extent paper, we test that proposition empirically by examining to which these problems arise in practice has never been the public keys in use on the Internet. comprehensively studied at Internet scale. We perform The first component of our study is the most compre- the largest ever network survey of TLS and SSH servers hensive Internet-wide survey to date of two of the most and present evidence that vulnerable keys are surprisingly important cryptographic protocols, TLS and SSH (Sec- widespread. We find that 0.75% of TLS certificates share tion 3.1). By scanning the public IPv4 address space, keys due to insufficient entropy during key generation, we collected 5.8 million unique TLS certificates from and we suspect that another 1.70% come from the same 12.8 million hosts and 6.2 million unique SSH host keys faulty implementations and may be susceptible to com- from 10.2 million hosts. This is 67% more TLS hosts promise. Even more alarmingly, we are able to obtain than the latest released EFF SSL Observatory dataset [ 18]. RSA private keys for 0.50% of TLS hosts and 0.03% of