When RSA Fails: Exploiting Prime Selection Vulnerabilities in Public Key Cryptography
Murtaza Nikzad, Kerem Atas

TL;DR
This paper investigates RSA prime selection vulnerabilities, demonstrating that improper prime choices can be exploited through Fermat's factorization and GCD attacks, with real-world implications for cryptographic security.
Contribution
It identifies the prevalence of prime selection vulnerabilities in RSA implementations and highlights the impact of weak entropy in embedded devices on cryptographic security.
Findings
Over 64,000 TLS hosts vulnerable due to prime issues
Fermat's factorization remains effective against poorly chosen primes
Weak entropy in embedded devices causes prime selection failures
Abstract
This paper explores vulnerabilities in RSA cryptosystems that arise from improper prime number selection during key generation. We examine two primary attack vectors: Fermat's factorization method, which exploits RSA keys generated with primes that are too close together, and the Greatest Common Divisor (GCD) attack, which exploits keys that share a common prime factor. Drawing from landmark research including Heninger et al.'s "Mining Your Ps and Qs" study, which discovered over 64,000 vulnerable TLS hosts, and Böck's 2023 analysis of Fermat factorization in deployed systems, we demonstrate that these vulnerabilities remain prevalent in real-world cryptographic implementations. Our analysis reveals that weak random number generation in embedded devices is the primary cause of these failures, and we discuss mitigation strategies including proper entropy collection and prime…
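The two failure modes the abstract names can both be checked on a key fleet before deployment. The following is an added example, not code from the paper or its authors: it runs Fermat's method with a bounded step budget against a single modulus (a well-generated key exhausts the budget; one with near-adjacent primes factors in a handful of steps) and pairwise GCD across a collection of moduli (any gcd above 1 means two keys share a prime). The moduli are built from constructed toy primes so the checks run instantly; the function names, the step budget and the fleet layout are assumptions for illustration, and the same functions work unchanged on real 2048-bit moduli.

```python
"""Key-hygiene checks for the two prime-selection failures discussed above.

Added example, not code from the paper. Moduli are built from constructed,
deliberately small primes so that the checks finish instantly.
"""
from math import gcd, isqrt


def fermat_factor(n: int, max_steps: int = 1000):
    """Fermat's method: write n = a^2 - b^2 = (a - b)(a + b).

    Starting at a = ceil(sqrt(n)), each step raises a by one and tests
    whether a^2 - n is a perfect square. The number of steps needed is about
    (p + q)/2 - sqrt(n): tiny when p and q are close together, astronomically
    large when they are not. Returns (p, q), or None when the step budget is
    exhausted, which is the expected result for a properly generated key.
    """
    if n % 2 == 0:
        return (2, n // 2)
    a = isqrt(n)
    if a * a < n:          # round up to ceil(sqrt(n)) for non-squares
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return (a - b, a + b)
        a += 1
    return None


def shared_factors(moduli):
    """Pairwise GCD over a collection of moduli.

    A gcd greater than 1 between two distinct moduli is a prime factor of
    both, so both keys are compromised. Exact duplicates are skipped (that is
    a reused key, a different finding). Returns [(i, j, common_prime), ...].
    """
    hits = []
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if moduli[i] == moduli[j]:
                continue
            g = gcd(moduli[i], moduli[j])
            if g != 1:
                hits.append((i, j, g))
    return hits


def audit_modulus(n: int, fleet, max_steps: int = 1000):
    """Run both checks on one modulus against the rest of a key fleet."""
    findings = []
    if fermat_factor(n, max_steps) is not None:
        findings.append("primes too close (Fermat)")
    if any(m != n and gcd(n, m) != 1 for m in fleet):
        findings.append("shares a prime with another key (GCD)")
    return findings


# Constructed toy primes (all genuine primes, chosen small for illustration).
P_CLOSE, Q_CLOSE = 10007, 10009        # adjacent primes: Fermat wins in 1 step
P_FAR, Q_FAR = 10007, 65537            # far apart: Fermat exhausts its budget
N_CLOSE = P_CLOSE * Q_CLOSE
N_FAR = P_FAR * Q_FAR

# A small "fleet" of device keys; device B reuses Q_CLOSE (10009), as happens
# when two devices boot with the same weak entropy state.
N_DEVICE_A = N_CLOSE
N_DEVICE_B = 10009 * 10037
N_DEVICE_C = 65537 * 104729
FLEET = [N_DEVICE_A, N_DEVICE_B, N_DEVICE_C]

if __name__ == "__main__":
    print("Fermat on close primes:", fermat_factor(N_CLOSE))
    print("Fermat on distant primes:", fermat_factor(N_FAR))
    print("Shared factors in fleet:", shared_factors(FLEET))
    for idx, n in enumerate(FLEET):
        print(f"device {idx}: {audit_modulus(n, FLEET) or 'no findings'}")
```

The step budget is the practical knob: on a real 2048-bit modulus a few hundred thousand Fermat steps cost a second or so, and a key whose primes differ in their top bits is never going to factor within any budget a scanner can afford, which is exactly the property a sound key generator should guarantee.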
Taxonomy
Topics: Cryptography and Residue Arithmetic · Cryptographic Implementations and Security · Cryptography and Data Security
