Independent Security Researcher
badkeys: Finding weak cryptographic keys at scale
Over the years, many cryptographic vulnerabilities have been found in public keys in use for SSH, TLS and other cryptographic protocols, in many cases allowing the corresponding private keys to be trivially recovered. Noteworthy examples include the 2008 Debian OpenSSL bug, the ROCA vulnerability, the 2021 keypair key generation vulnerability, shared prime factor moduli in embedded devices ("Mining Ps and Qs") and various instances of leaked keys or default keys used in production. While these vulnerabilities have been described in the literature, for many of them no public detection tools are available, or the tooling is outdated and thus hard to use.
Access to publicly available databases of large numbers of cryptographic keys from Internet-wide scans, Certificate Transparency logs and other sources makes it possible to search for these vulnerabilities at scale. During this research, a vulnerability that was previously known only in theory, and that trivially allows the private key to be calculated, was discovered in publicly used TLS certificates and IoT devices. Furthermore, previously known vulnerabilities were found in live TLS certificates years after their discovery.
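The "shared prime factor" check mentioned above is the one detection among those listed that is easiest to show in a few lines, since it works on the public moduli alone. The following is an added example written for this page, not code from badkeys or from the author: it implements the batch GCD algorithm (product tree followed by remainder tree) that "Mining Ps and Qs" used to scan millions of RSA moduli, and flags every modulus that shares a prime with another key in the set. The sample moduli are constructed from small known primes so the example runs instantly; real 2048-bit moduli are handled by the same code, only slower.

```python
from math import gcd
from functools import reduce

# Constructed sample set: two moduli deliberately share the prime 15485863,
# the others are built from distinct primes (all values are known primes).
SAMPLE_MODULI = [
    15485863 * 32452843,        # index 0: shares a prime with index 1
    15485863 * 49979687,        # index 1: shares a prime with index 0
    67867967 * 86028121,        # clean
    104395301 * 2147483647,     # clean
    1299709 * 104729,           # clean
]


def product_tree(values):
    """Build the product tree: level 0 is the input, the last level the full product."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        nxt = [level[i] * level[i + 1] for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # carry an unpaired element up unchanged
            nxt.append(level[-1])
        tree.append(nxt)
    return tree


def batch_gcd(moduli):
    """Return, for each modulus n_i, gcd(n_i, product of all other moduli).

    Uses the remainder tree: R_root = product of all moduli, each child gets
    R_parent mod n^2, and at the leaves gcd(R_leaf // n_i, n_i) equals
    gcd(n_i, prod_{j != i} n_j). Total cost is quasi-linear in the input size,
    instead of the quadratic pairwise comparison.
    """
    if not moduli:
        return []
    tree = product_tree(moduli)
    remainders = [tree[-1][0]]                  # root: product of everything
    for level in reversed(tree[:-1]):           # walk down towards the leaves
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    return [gcd(r // n, n) for r, n in zip(remainders, moduli)]


def naive_shared_factors(moduli):
    """Quadratic reference implementation used to cross-check batch_gcd."""
    out = []
    for i, n in enumerate(moduli):
        others = reduce(lambda a, b: a * b, (m for j, m in enumerate(moduli) if j != i), 1)
        out.append(gcd(n, others))
    return out


def find_shared_factors(moduli):
    """Map index -> (reason, gcd) for every modulus that is not coprime to the rest.

    gcd == n means the whole modulus reappears elsewhere (duplicate key, or both
    primes shared), which is a finding of its own; any other gcd > 1 is a shared prime.
    """
    findings = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue
        if g == n:
            findings[i] = ("duplicate modulus or both primes shared", g)
        else:
            findings[i] = ("shares a prime factor with another key", g)
    return findings


if __name__ == "__main__":
    for idx, (reason, g) in sorted(find_shared_factors(SAMPLE_MODULI).items()):
        print(f"modulus #{idx}: {reason} (gcd={g})")
```

In a scan the moduli would be extracted from the certificate or SSH key dumps and fed to `find_shared_factors`; every flagged key should be treated as compromised and replaced, regardless of which other key it collides with.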
Hanno Böck is a security researcher and IT journalist. He has published several research papers on TLS vulnerabilities, most notably the ROBOT attack (Usenix Security 2018), GCM implementation flaws (Usenix WOOT 2016) and STARTTLS flaws (Usenix Security 2020).