A paper entitled Ron was wrong, Whit is right reveals that many of the secret keys that are supposed to be randomly-generated by RSA moduli are duplicate, instead of being unique.
“Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security,” the cryptographers wrote.
They gathered 7.1 million public keys, focusing mainly on X.509 certificates, out of which 27,000 turned out to offer no security at all. Even more, the experts were surprised by the number of public keys shared among unrelated parties.
While the number is low, the risks involved being acceptable, the research demonstrates that the “multiple-secrets” RSA-based cryptosystems are less efficient than the “single-secret” ElGamal and DSA systems.
“The lack of sophistication of our methods and findings make it hard for us to believe that what we have presented is new, in particular to agencies and parties that are known for their curiosity in such matters,” the paper concludes.
“It may shed new light on NIST's 1991 decision to adopt DSA as digital signature standard as opposed to RSA, back then a ‘public controversy’.”
During the study, the experts verified that the public key collection process is performed in such a way that it would not affect system administrators.
The name of the study refers to cryptographer Ron Rivest, one of the inventors of the RSA algorithm, and Whitfield Diffier (also known as Whit), one of the pioneers of public-key cryptography.