This report describes the successful factorization of RSA moduli, by connecting to faulty TLS servers which enable forward secrecy and which use an insufficiently hardened RSA-CRT implementation. The history of this particular RSA-CRT implementation defect is discussed, and the current state of countermeasures is reviewed. Some familiarity with the RSA cryptosystem and the Transport Layer Security protocol suite is assumed.
Recommended Comments
Create an account or sign in to comment