The Phuctoring

Saturday, 30 April, Year 8 d.Tr. | Author: Mircea Popescu

phuctoring

There's a total of 203 RSA moduli that have been factored to date. Among the more notable sounding keys :

Nancy Laubenthal <nancy.laubenthal@gsfc.nasa.gov> ; Alexander O. Yuriev <DataLink BBS SysOp>; Sandip Bhattacharya <sandipb@member.fsf.org>; Vincent Thenhart <vincent.thenhart@piraten-rlp.de>; Robert L. Vaessen (MobileMei key generated with gpg) <rvaessen@me.com>; debian.sur5r.net Archive Automatic Signing Key (sur5r) <debian@sur5r.net>; Piraten | Martin Letzel <piratenpartei@letzel.org>; Apple Product Security <product-security@apple.com>; Andreas Heimann <Andreas.Heimann@piratenpartei-hessen.de>; Andreas Winkelbauer <andreas.winkelbauer@ieee.org>; PGP Corporation Update Signing Key; <update-key@pgp.com>; Michael Starck <michael.starck@piratenpartei-hessen.de>; Stephan Urbach <stephan.urbach@german-bash.org>; Herr Urbach <stephan.urbach@piratenpartei-hessen.de>; Carsten Lenz <carsten.lenz@piraten-ulm.de>; H. Peter Anvin <hpa@infradead.org>; H. Peter Anvin (hpa) <hpa@zytor.com>; H. Peter Anvin <h.peter.anvin@intel.com>; Eric Henry <eric_henry@intuit.com>; Eric Henry <ehenry@ehenryonline.com>; Eric Henry <eric.henry@helixstorm.com>; Eric Henry <eric.henry@ingeniumresults.com>; Richard Monk <rmonk@redhat.com>; PGP Global Directory Verification Key;

along with various university and personal accounts. The list is, obviously, not exhaustive.

This find exposes significant vulnerabilities in the OpSec practices of each and every organisation or institution mentioned. The Pirate Party, German users, something calling itself "The PGP Corporation", the FSF and Apple particularly badly hit.

Phuctor will continue as a free, open and public service in the indefinite future. Feel free to verify your future keys against the ever-growing database. Special thanks to Mr. D. J. Bernstein for refinements to the algorithm that allowed us to reduce the required workload considerably.ii

———
  1. Pointing to futher vulnerabilities in the MobileMe Apple scam. []
  2. Phuctor now checks a database of almost two million keys in less than twenty minutes. []
Category: Breaking News
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.

2 Responses

  1. 205 lol

  2. Mircea Popescu`s avatar
    2
    Mircea Popescu 
    Saturday, 30 April 2016

    Well yeah I expect it'll keep growing :)

Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.