minimarcel / vanilla

A complete PHP framework.

Cryptographically insecure RSA implementation #1

Open HenkPoley opened 8 years ago

HenkPoley commented 8 years ago

This file contains a small list of small primes that is easily crackable and thus insecure: https://github.com/minimarcel/vanilla/blob/a0bbd751a9622ba4b5dd7cc8c0ae38f9c66ad809/src/vanilla/security/crypt/RSACrypter.class.php

The issue is similar to: https://twitter.com/voodooKobra/status/663581509069242368

The small primes are picked and used to generate a small insecure key at lines 85 and 88.

minimarcel commented 8 years ago

Thanks for reporting this issue. This code is part of an old library that I'm not using any more, but yes, you are absolutely right.
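
The weakness reported in this issue, as an added Python example that is not part of the thread or of the vanilla repository: a generator that draws p and q from a fixed table can only ever emit a small set of moduli, and a key audit catches every one of them with a size check and bounded trial division. The prime table is constructed (the list in `RSACrypter.class.php` is not reproduced on this page), and the function names, the 2048-bit minimum and the trial bound are assumptions of this example.

```python
from math import isqrt

def primes_below(limit):
    """Sieve of Eratosthenes: all primes strictly below `limit`."""
    limit = max(limit, 2)
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i, is_prime in enumerate(sieve) if is_prime]

# Constructed stand-in for a hard-coded table of small primes (assumption).
SMALL_PRIMES = [p for p in primes_below(10_000) if p > 1_000]

def possible_moduli(table):
    """How many distinct n = p*q (p != q) a table-limited generator can emit."""
    return len(table) * (len(table) - 1) // 2

def small_factor(n, trial_bound=1_000_000):
    """Return the smallest prime factor of n below trial_bound, or None."""
    for p in primes_below(min(trial_bound, isqrt(n) + 1)):
        if n % p == 0:
            return p
    return None

def audit_modulus(n, min_bits=2048, trial_bound=1_000_000):
    """Return findings for a public RSA modulus; an empty list means none."""
    findings = []
    if n.bit_length() < min_bits:
        findings.append(f"modulus is {n.bit_length()} bits, below {min_bits}")
    factor = small_factor(n, trial_bound)
    if factor is not None:
        findings.append(f"divisible by small prime {factor}")
    return findings

if __name__ == "__main__":
    # Constructed weak key: both primes taken from the table.
    n = SMALL_PRIMES[0] * SMALL_PRIMES[-1]
    print("table size:", len(SMALL_PRIMES))
    print("moduli the generator can ever produce:", possible_moduli(SMALL_PRIMES))
    for finding in audit_modulus(n):
        print("FINDING:", finding)
```

Either finding alone is enough to reject a key; a modulus that passes both checks is not thereby proven strong, only not weak in this particular way.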