"RSA key generation was done incorrectly, leading to very insecure keys." I think you misspelled "we implemented double-ROT13 instead of RSA". https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc … #NeverRollYourOwnCrypto
-
That indicates other problems with their key generator. Key generators have to find p and q such that e does not divide lcm(p-1, q-1). I guess it could check whether gcd(lcm(p-1, q-1), e) = 1 which would've passed.
It's M2Crypto, which wraps OpenSSL's RSA_generate_key_ex. So score another point for OpenSSL? News at 11.
-
-
Just checked. OpenSSL's RSA_generate_key_ex is perfectly happy to take any odd number (it seems) as e. 0 errors out and even numbers infinite loop (lol).
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.