Transferable namespace projection in bind9
Assume that you have control over a zone somezone.net, i.e. you can add records in that zone. With this patch to bind-9.1.3 you can designate a new domain, even a TLD, e.g. .mytld. Every hostname h.mytld in that zone is CNAMEd to a hostname j in somezone.net, where j = SHA1(h . <secret>). <secret> is set in bind's config file. This allows you to assign arbitrary meaningful names in .mytld, like icannsucks.mytld. The DNS queries that leave the subnet with your modified bind refer to meaningless hostnames in somezone.net. If you want to share this local namespace with someone, you just have to send him/her the configfile entry that defines the TLD and the secret.
Factoring silly keys from the keyservers
At the Privacy Enhancing Technologies Workshop in 2004, Ben Laurie and I did the following experiment: Take all RSA moduli from PGP keys presumably created with old versions of PGP and compute the pairwise gcds (Peter Palfrader supplied us with the keys). It turns out that two keys of about 18.000 have a common divisor in their moduli:pub 512R/A6A0B399 1994-08-22 uid Joe Schmuckleyandpub 1024R/575F0491 1995-04-25 uid Ptolemy\x94XIV
I attacked the second key with Paul Zimmermann's Elliptic Curve Factoring implementation.
The key's modulus is
This is not the product of two primes. So far we found the following factors:
The remainder is not prime but seems to contain no factors smaller than 150 bits.
- 3 (Yes, three!)
- 3 (Yes, it's not even squarefree)