https://community.isc2.org/t5/Tech-Talk/RSA-Private-Key-Recovery/m-p/51727#M3576 <P>Hi all,</P><P>&nbsp;</P><P>Some time ago, I did some research on the RSA algorithm because I learned some years ago that a private key cannot be extracted from a public key. As you know, web servers have certificates which all have a public key inside. So, what about the private key, are there any possibilities to get it ?</P><P>&nbsp;</P><P>Well, it depends on the key generation process. I explain in my research paper on which way a private key can be recovered from a public key. In this vulnerability, I explain when two prime are generated during the key generation process are close to each other, the private key can easily be recovered.</P><P><A href="https://www.sans.org/white-papers/recover-an-rsa-private-key-from-a-tls-v1-2-session/" target="_blank">https://www.sans.org/white-papers/recover-an-rsa-private-key-from-a-tls-v1-2-session/</A></P><P>&nbsp;</P><P>This vulnerability exist for a long time, so validating prime numbers during the key generation process is also important.</P><P>If you need any additional information, don't hestiate to contact me via email.</P><P>&nbsp;</P><P>regards</P><P>Johan</P> Mon, 27 Jun 2022 13:17:49 GMT JohanLoos 2022-06-27T13:17:49Z https://community.isc2.org/t5/Tech-Talk/RSA-Private-Key-Recovery/m-p/51727#M3576 <P>Hi all,</P><P>&nbsp;</P><P>Some time ago, I did some research on the RSA algorithm because I learned some years ago that a private key cannot be extracted from a public key. As you know, web servers have certificates which all have a public key inside. So, what about the private key, are there any possibilities to get it ?</P><P>&nbsp;</P><P>Well, it depends on the key generation process. I explain in my research paper on which way a private key can be recovered from a public key. In this vulnerability, I explain when two prime are generated during the key generation process are close to each other, the private key can easily be recovered.</P><P><A href="https://www.sans.org/white-papers/recover-an-rsa-private-key-from-a-tls-v1-2-session/" target="_blank">https://www.sans.org/white-papers/recover-an-rsa-private-key-from-a-tls-v1-2-session/</A></P><P>&nbsp;</P><P>This vulnerability exist for a long time, so validating prime numbers during the key generation process is also important.</P><P>If you need any additional information, don't hestiate to contact me via email.</P><P>&nbsp;</P><P>regards</P><P>Johan</P> Mon, 27 Jun 2022 13:17:49 GMT https://community.isc2.org/t5/Tech-Talk/RSA-Private-Key-Recovery/m-p/51727#M3576 JohanLoos 2022-06-27T13:17:49Z https://community.isc2.org/t5/Tech-Talk/RSA-Private-Key-Recovery/m-p/51731#M3577 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/841582019">@JohanLoos</a>&nbsp;&nbsp; A very good practical demonstration.&nbsp; Well done</P><P>&nbsp;</P><P>Of course all this will be practically all undone with the implementation of Quantum Computing, which is why there is so much interest in the subject.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 27 Jun 2022 21:06:26 GMT https://community.isc2.org/t5/Tech-Talk/RSA-Private-Key-Recovery/m-p/51731#M3577 Caute_cautim 2022-06-27T21:06:26Z