Reaping and breaking keys at scale: when crypto meets big data

The presentation discusses the collection and breaking of public keys at scale, highlighting potential vulnerabilities and risks to data and privacy. The researchers built a public key reaping machine and collected over 300 million keys, testing them for vulnerabilities such as ROCA and factorization using batch-GCD. The results showed that hundreds of people could have been impersonated, thousands of servers mimicked, and over 200k websites subjected to MitM attacks. The presentation also discusses the use of elliptic curve cryptography as a more secure alternative to RSA.

• Public keys are everywhere and potentially vulnerable to compromise
• Researchers built a public key reaping machine and collected over 300 million keys
• Collected keys were tested for vulnerabilities such as ROCA and factorization using batch-GCD
• Hundreds of people could have been impersonated, thousands of servers mimicked, and over 200k websites subjected to MitM attacks
• Elliptic curve cryptography is a more secure alternative to RSA

The researchers demonstrated how they were able to retrieve the private key from a public key and gain access to a machine via SSH. They also created a website where users can upload their public keys to be tested against their database, promising to find any vulnerable private keys.

Public keys are everywhere, after all, they are public. These keys are waiting to be reaped by those who know their real value. Hidden behind this public face lurks some potentially dangerous issues which could lead to a compromise of data and privacy. Leveraging hundreds of minion devices, we built a public key reaping machine (which we are open sourcing) and operated it on a global scale. Collected keys are tested for vulnerabilities such as the recent ROCA vulnerability or factorization using batch-GCD. We've collected over 300 million keys so far and built a database 4 to 10 times bigger than previous public works. Performing the initial computation on over 300 million keys took about 10 days on a 280 vCPU cluster. Many optimizations allow our tool to incrementally test new RSA keys for common prime factors against the whole dataset in just a few minutes. As a result of our research, we could have impersonated hundreds of people by breaking their PGP keys, mimicked thousands of servers thanks to their factored SSH keys and performed MitM attacks on over 200k websites relying on vulnerable X509 certificates. In the end, we were able to do this in an entirely passive way. Going further is possible, but it would lead us to the dark side. Would big brother hesitate to go there?