The folks over at École Polytechnique of Lausanne have published a very interesting paper titled “Ron was wrong, Whit is right“. This is not too mathematical for a cryptanalitical paper and understandable even to someone without crypto background. It is more of an investigation into the properties of the public keys available publically on the internet. The guys explain how by collecting a large number of keys from the internet in very proper and official ways and analyzing them they were able to find collisions that basically allow one person to impersonate another not to mention some basically weak keys that offer no security at all. Fascinating stuff.
A cool comment is all the way at the bottom says:
“The lack of sophistication of our methods and findings make it hard for us to believe that what we have presented is new, in particular to agencies and parties that are known for their curiosity in such matters. It may shed new light on NIST’s 1991 decision to adopt DSA as digital signature standard as opposed to RSA, back then a “public controversy”.
Which is probably true, you know…