One in every 172 active RSA certificates is vulnerable to attack
On Saturday, a team of researchers from Keyfactor presented a vulnerability they discovered in RSA certificates that could compromise one in every 172 certificates in use. The team presented their findings at the First IEEE Conference in Los Angeles, California. RSA certificates are public-key certificates that use cryptographic algorithms to encrypt data and protect user information. They protect internet traffic and software communications, so the vulnerability found by the Keyfactor researchers could leave thousands of devices without that protection.
The team built a massive database consisting of 75 million active RSA keys, added 100 million certificates obtained from certificate transparency logs, and then analyzed the dataset using a Microsoft Azure virtual machine. The researchers found that one in every 172 active keys shares a factor with another. Once such a shared prime factor is discovered, it can be used to compromise the certificates, which in turn compromises the security of the certificate holder. Keyfactor found that over 435,000 of the certificates contained a shared factor, which allowed the researchers to rederive the private keys.
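An operator can run the same kind of shared-factor check over the public moduli in their own certificate inventory. The sketch below is an added example, not Keyfactor's code: it uses the product-tree/remainder-tree batch GCD, a standard technique that is not necessarily the one the researchers used. The function names and the toy moduli (built from Mersenne primes) are constructed for illustration.

```python
from math import gcd

def product_tree(values):
    """Levels of pairwise products; the last level holds the product of all values."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        lvl = tree[-1]
        tree.append([lvl[i] * lvl[i + 1] if i + 1 < len(lvl) else lvl[i]
                     for i in range(0, len(lvl), 2)])
    return tree

def batch_gcd(moduli):
    """For each modulus n_i, return gcd(n_i, product of all the other moduli)."""
    tree = product_tree(moduli)
    rems = tree.pop()                      # [P], P = product of every modulus
    while tree:                            # push P down the tree modulo node^2
        lvl = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(lvl)]
    # At a leaf, rems[i] = P mod n_i^2, so rems[i] // n_i = (P / n_i) mod n_i.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit(moduli):
    """Map index -> (shared factor, cofactor) for every modulus that must be replaced."""
    findings = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g > 1:
            # g == n means a duplicate modulus (or both primes reused elsewhere).
            findings[i] = (g, n // g)
    return findings

def mersenne(e):
    return 2**e - 1                        # prime for the exponents used below

# Constructed sample inventory (toy sizes, not real certificate keys).
INVENTORY = [
    mersenne(61) * mersenne(89),           # 0: shares the prime 2^89-1 with key 2
    mersenne(107) * mersenne(127),         # 1: same modulus as key 4
    mersenne(89) * mersenne(521),          # 2: shares the prime 2^89-1 with key 0
    mersenne(31) * mersenne(607),          # 3: unique, should not be flagged
    mersenne(107) * mersenne(127),         # 4: duplicate of key 1
]

if __name__ == "__main__":
    for idx, (g, cofactor) in sorted(audit(INVENTORY).items()):
        kind = "duplicate modulus" if cofactor == 1 else "shared prime, fully factored"
        print(f"key {idx}: {kind}; rotate this key pair")
```

Any key the audit flags with a cofactor greater than 1 has both of its primes exposed, so the certificate should be revoked and the key regenerated from a properly seeded random source.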