Transferable namespace projection in bind9

Assume that you have control over a zone somezone.net, i.e. you can add records in that zone. With this patch to bind-9.1.3 you can designate a new domain, even a TLD, e.g. .mytld. Every hostname h.mytld in that zone is CNAMEd to a hostname j in somezone.net, where j = SHA1(h . <secret>). <secret> is set in bind's config file. This allows you to assign arbitrary meaningful names in .mytld, like icannsucks.mytld. The DNS queries that leave the subnet with your modified bind refer to meaningless hostnames in somezone.net. If you want to share this local namespace with someone, you just have to send him/her the configfile entry that defines the TLD and the secret.

Thu, 01 Jul 2004
[/projects] permanent link

Factoring silly keys from the keyservers

At the Privacy Enhancing Technologies Workshop in 2004, Ben Laurie and I did the following experiment: Take all RSA moduli from PGP keys presumably created with old versions of PGP and compute the pairwise gcds (Peter Palfrader supplied us with the keys). It turns out that two keys of about 18.000 have a common divisor in their moduli:

 pub    512R/A6A0B399 1994-08-22
 uid                  Joe Schmuckley

and

 pub   1024R/575F0491 1995-04-25 
 uid                  Ptolemy\x94XIV 

I attacked the second key with Paul Zimmermann's Elliptic Curve Factoring implementation.
The key's modulus is
1549562663450840692268622483721103711669388864897522390528764
829445645828909290189247132280621825493873705019175480670501
2516682556124827129012380911158436701354213114871849305291083
202711859451406305095386470946490932290315424308032810615741
2235640682459755462203449571275078025946614196463838287264848
217233
This is not the product of two primes. So far we found the following factors:

1. 3 (Yes, three!)
2. 3 (Yes, it's not even squarefree)
3. 42742556573248957
4. 314267779982277702367112491702024117309

The remainder is not prime but seems to contain no factors smaller than 150 bits.

Thu, 01 Jul 2004
[/projects] permanent link