Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| public:papers:acsac2017 [2017-12-04 19:23] – [Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans [ACSAC 2017]] xnemec1 | public:papers:acsac2017 [2017-12-04 19:54] – [Q&A section] xnemec1 | ||
|---|---|---|---|
| Line 28: | Line 28: | ||
| ---- | ---- | ||
| + | |||
| + | ===== Resources ===== | ||
| + | |||
| + | * Measurement (classification) tool: [[https:// | ||
| + | * RSA keys from reference libraries: [[https:// | ||
| + | * Data processing (TLS, PGP): [[https:// | ||
| + | * Data processing (Certificate Transparency): | ||
| ===== Q&A section ===== | ===== Q&A section ===== | ||
| - | <callout type=" | + | ==Q: What did you do?== |
| + | A: We used the fact that distributions of RSA public keys generated by cryptographic libraries are slightly biased, to measure the popularity of cryptographic libraries in Internet-wide scans. | ||
| + | |||
| + | ==Q: Does it mean the biased RSA key generation methods are broken?== | ||
| + | A: No, in general, the bias is not enough for key factorization. However, we did break the Infineon implementation in our recent paper [[https:// | ||
| + | |||
| + | ==Q: What libraries did you analyze? Can you tell all libraries apart?== | ||
| + | A: You can see all the analyzed sources in the following graph. Libraries in the same Group (Group number in square brackets) produce very similar distributions. The popularity of individual Groups can be measured. | ||
| + | |||
| + | {{: | ||
| - | ==Q: So what did you do?== | + | ==Q: I want to know the popularity of library X, why wasn't it included? == |
| - | A: FIXME | + | A: To suggest other sources that we can add to our analysis, please get in touch with us. If you can also provide keys generated by hardware, open-source and proprietary libraries, we will add them to the [[https:// |