還原被碼掉的 PEM 資訊 (SSH RSA key)

在「Recovering a full PEM Private Key when half of it is redacted」這邊看到的,起因是 _SaxX_ 幫客戶做滲透測試時找到客戶公開在網路上的 SSH key,然後他就碼掉一部分貼出來:

原圖是這樣,接下來就開始被還原 XD

首先是 OCR 的過程,被稱為是整個還原過程最難的一部分 (哭爸啊):

Ironically, this was the hardest part of the challenge. It took the longest time of all the steps and was the easiest to make errors in.

接下來就是解讀 PEM 檔的格式,可以藉此得到裡面的參數。

然後是套公式,窮舉運算裡面的值,可以看到迴圈 kp 只算了 365537,就推算出可能的 p

e = 65537
q = 0xc28871e8714090e0a33327b88acc57eef2eb6033ac6bc44f31baeac33cbc026c3e8bbe9e0f77c8dbc0b4bfed0273f6621d24bc1effc0b6c06427b89758f6d433a02bf996d42e1e2750738ac3b85b4a187a3bcb4124d62296cb0eecaa5b70fb84a12254b0973797a1e53829ec59f22238eab77b211664fc2fa686893dda43756c895953e573fd52aa9bb41d22306135c81174a001b32f5407d4f72d80c5de2850541de5d55c19c1f817eea994dfa534b6d941ba204b306225a9e06ddb048f4e34507540fb3f03efeb30bdd076cfa22b135c9037c9e18fe4fa70cf61cea8c002e9c85e53c1eaac935042d00697270f05b8a7976846963c933dadd527227e6c45e1
dp = 0x878f7c1b9b19b1693c1371305f194cd08c770c8f5976b2d8e3cf769a1117080d6e90a10aef9da6eb5b34219b71f4c8e5cde3a9d36945ac507ee6dfe4c146e7458ef83fa065e3036e5fbf15597e97a7ba93a31124d97c177e68e38adc4c45858417abf8034745d6b3782a195e6dd3cf0be14f5d97247900e9aac3b2b5a89f33a3f8f71d27d670401ca185eb9c88644b7985e4d98a7da37bfffdb737e54b6e0de2004d0c8c425fb16380431d7de40540c02346c98991b748ebbc8aac73dd58de6f7ff00a302f4047020b6cd9098f6ba686994f5e043e7181edfc552e18bce42b3a42b63f7ccb7729b74e76a040055d397278cb939240f236d0a2a79757ba7a9f09

for kp in range(3, e):
    p_mul = dp * e - 1
    if p_mul % kp == 0:
        p = (p_mul // kp) + 1
        if isPrime(p):
            print(f"Possible p: {p}")

後面就是跑驗證確認,就被打出來了...

RSA-240 (十進位 240 位數) 成功分解

在「RSA-240 Factored」這邊看到的,RSA-240 前幾天被解開了:

RSA-240 = 124620366781718784065835044608106590434820374651678805754818788883289666801188210855036039570272508747509864768438458621054865537970253930571891217684318286362846948405301614416430468066875699415246993185704183030512549594371372159029236099 = 509435952285839914555051023580843714132648382024111473186660296521821206469746700620316443478873837606252372049619334517 * 244624208838318150567813139024002896653802092578931401452041221336558477095178155258218897735030590669041302045908071447

有效長度是 795 bits,相較於十年前解出來的 RSA-768 (768 bits) 又多了「一些」。看了一下,算法上沒有太多突破,主要是硬體的發展與軟體的最佳化有進展...

ROCA:Infineon Technologies 的 RSA 實做問題

最近的另外一個大包,不過這包是 Infineon Technologies 在實做 RSA 算法時的問題,倒不是 RSA 算法本身有問題。之所以會「大」是因為有太多人用了:「ROCA: Vulnerable RSA generation (CVE-2017-15361)」。

起因於 Infineon Technologies 在產生 key 時的組合有限,於是要猜測的 keyspace 小很多。

以研究者的估算,可以看出 CPU year 都被大幅減少了,都是屬於「可行」的範圍:

The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):

512 bit RSA keys - 2 CPU hours (the cost of $0.06);
1024 bit RSA keys – 97 CPU days (the cost of $40-$80);
2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 - $40,000).

而且這邊是用 CPU year 估算,如果考慮 FPGA 加速計算,應該會短更多...

另外從發現到公開的時間線也拉得很長,可以看到中間一直在找解決方案:

2nd of November 2017 - Presentation of all details at the ACM CCS conference (to come)
16th of October 2017 - The initial version of the public disclosure published
May to October 2017 - Cooperation with the manufacturer and other affected parties to help evaluate and mitigate the vulnerability
1st of February - The vulnerability disclosed to Infineon Technologies AG
End of January - The vulnerability found

過一陣子就會去 conference 上報告了...

Amazon 決定在自家的購物網站上停售 Google Chromecast 與 Apple TV

這大概是這幾天最刺激的事情... Amazon 決定在自家購物往站上停售 Google ChromecastApple TV:「Amazon to Ban Sale of Apple, Google Video-Streaming Devices」。

引用新聞的報導說明,因為 Chromecast 與 Apple TV 不相容於 Amazon 自家的 Prime Video,所以下令所有的店家停售:

The Seattle-based Web retailer sent an e-mail to its marketplace sellers that it will stop selling the Apple TV and Google’s Chromecast since those devices don’t "interact well" with Prime Video. No new listings for the products will be allowed and posting of existing inventory will be removed Oct. 29, Amazon said. Prime Video doesn’t run easily on its rival’s hardware.

至於會不會引起反壟斷調查呢?站在看好戲的立場當然是很希望,但這兩個產品就算不在 Amazon 上買,也有一卡車的競爭對手有賣... 不曉得後面會怎麼發展。

Amazon 在巴爾的摩與邁阿密推出「一個小時到貨」服務...

從「Amazon Launches One-Hour Delivery Service In Baltimore and Miami」這邊看到的,引用的報導是「Amazon launches one-hour delivery service in Baltimore」。

有付 Amazon Prime 費用的人在這兩個地區將提供兩小時到貨 (free),或是一小時到貨 (多收 USD$7.99):

The service will be available in select zip codes to Amazon Prime subscribers, who pay $99 a year for unlimited free two-day delivery on more than 20 million items. The one-hour service, available through the Prime Now mobile app, costs $7.99, while two-hour delivery will be free.

去年在曼哈頓的實驗算是成功吧... 只是 FAA 同意無人小型貨運機的實驗授權一下來就這樣公佈啊... (Amazon Gets Experimental Airworthiness Certificate)