I created a parser script that puts the raw cryptographic data of the PGP keys into a database. Doing this allows large scale searches for well-known vulnerabilities. DSA signatures with a duplicate $k$ value due to bad random numbers allow the calculation of the private key. Similarly analyzing RSA keys for shared prime factors allows factoring the modulus and thus also regenerating the private key.
A small number of breakable keys due to these weaknesses were found.Category / Keywords: public-key cryptography / pgp, dsa, rsa, rng, keyserver Date: received 19 Mar 2015 Contact author: hanno at hboeck de Available format(s): PDF | BibTeX Citation Version: 20150322:083515 (All versions of this report) Short URL: ia.cr/2015/262 Discussion forum: Show discussion | Start new discussion