VYPR research · Published Jun 29, 2026 · 1 source

Weak RSA Keys With Numerous Zeros Discovered in Real-World Systems

Researchers have identified a new class of weak RSA cryptographic keys containing numerous zeros, found in expired certificates for major organizations and on NetApp software, alongside a separate pattern affecting SSH hosts running CompleteFTP.

A recent study has uncovered a significant vulnerability in the generation of RSA cryptographic keys, revealing a new class of weak keys characterized by an abundance of zeros. These flawed keys have been found in active use across various real-world systems, raising concerns about the integrity of secure communications.

The discovery stems from the 'badkeys' project, an open-source initiative dedicated to identifying and flagging public keys with known vulnerabilities. While compiling a vast dataset of real-world keys from sources like Certificate Transparency logs, internet-wide scans, and PGP key repositories, researchers observed unexpected patterns of sparsity in RSA moduli. These patterns, featuring regularly spaced blocks of zeros interspersed with seemingly random data, indicate a fundamental flaw in the key generation process.
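A simple way to audit a key inventory for the kind of sparsity described above is to treat the modulus as a bit string and measure how far it departs from what a product of two random primes should look like. The following check is an added example written for this article; it is not code from the badkeys project, and the two sample moduli it tests are constructed random data (one with alternating 64-bit blocks zeroed to mimic the pattern), not real keys.

```python
"""Flag RSA moduli that contain implausibly many zero bits.

A modulus that is the product of two random primes looks like uniformly
random bits: the longest run of zeros is around log2(bits), and all-zero
bytes are rare (about 1 in 256).  Long zero runs or many zero bytes
point at a broken key generator and merit a closer look.
"""
import random


def longest_zero_run(n: int, bits: int) -> int:
    """Length of the longest run of consecutive zero bits in n (width `bits`)."""
    s = format(n, f"0{bits}b")
    return max((len(run) for run in s.split("1")), default=0)


def zero_byte_count(n: int, bits: int) -> int:
    """Number of all-zero bytes in the big-endian encoding of n."""
    return n.to_bytes(bits // 8, "big").count(0)


def zero_word_positions(n: int, bits: int, word_bits: int = 32) -> list:
    """Indices (from the most significant word) of all-zero words.
    Evenly spaced indices are the 'regularly spaced blocks of zeros' shape."""
    mask = (1 << word_bits) - 1
    words = bits // word_bits
    return [i for i in range(words)
            if (n >> (bits - word_bits * (i + 1))) & mask == 0]


def is_sparse_modulus(n: int, bits: int,
                      max_run: int = 32, max_zero_bytes: int = 8) -> bool:
    """True if the modulus is far sparser than random data could plausibly be.
    For 2048 bits, a 32-bit zero run or 9+ zero bytes each have probability
    well below one in a million for a genuinely random modulus."""
    return (longest_zero_run(n, bits) >= max_run
            or zero_byte_count(n, bits) > max_zero_bytes)


def constructed_samples(bits: int = 2048, seed: int = 1):
    """Constructed test data (not real keys): a random-looking modulus and one
    with every second 64-bit block zeroed.  Top and low bits are set on both,
    as they are on any real RSA modulus."""
    rng = random.Random(seed)
    fixed = (1 << (bits - 1)) | 1
    normal = rng.getrandbits(bits) | fixed
    keep = 0
    for i in range(0, bits, 128):          # keep 64 random bits, zero the next 64
        keep |= ((1 << 64) - 1) << i
    sparse = (rng.getrandbits(bits) & keep) | fixed
    return normal, sparse
```

Run against a real inventory by feeding each certificate's or SSH host key's modulus integer (extracted with any X.509 or OpenSSH parser) to `is_sparse_modulus`.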

One specific pattern, designated Pattern 1, was identified in expired certificates issued to prominent organizations such as Yahoo and Verizon. Additionally, this pattern was found on devices running NetApp software. Although these particular certificates have already expired, the presence of such weak keys in the infrastructure of major corporations highlights a critical implementation failure. The researchers shared their findings with the affected companies but did not receive specific details regarding the product responsible for generating these keys.

A second pattern, Pattern 2, was observed on SSH hosts utilizing the CompleteFTP software developed by EnterpriseDT. This vulnerability specifically impacts RSA keys generated by versions 10.0.0 through 12.0.0 (released between December 2016 and March 2019) and DSA keys generated by versions 10.0.0 through 23.0.4 (released between December 2016 and December 2023).

While the number of affected hosts running CompleteFTP is described as a small minority of internet-facing systems, the broader implication is the discovery of similar cryptographic implementation failures across independent software products. This suggests that other cryptographic implementations may harbor similar bugs, potentially creating a wider attack surface than initially apparent.

The researchers recommend tailoring cryptanalytic algorithms to this specific type of failure, noting that adversaries can exploit such weaknesses. The implications of these findings extend beyond mere implementation bugs; the structured nature of the zero-filled patterns could suggest deliberate backdoors, a concern previously raised regarding government agencies influencing cryptographic standards.

This discovery underscores the critical importance of rigorous cryptographic implementation and regular auditing of key generation processes. The presence of these weak keys, even in expired certificates, serves as a stark reminder that vulnerabilities in foundational security mechanisms can have far-reaching consequences, potentially compromising past and future secure communications.

Further investigation into the root causes and the extent of deployment of these weak keys is warranted. Organizations relying on RSA and DSA cryptography should prioritize reviewing their key generation practices and consider migrating to more robust, modern cryptographic standards, especially in light of advancements in cryptanalysis and the ongoing development of quantum computing.

Synthesized by Vypr AI