Open HenkPoley opened 8 years ago
This file contains a small list of small primes, that is easily crackable and thus insecure: https://github.com/minimarcel/vanilla/blob/a0bbd751a9622ba4b5dd7cc8c0ae38f9c66ad809/src/vanilla/security/crypt/RSACrypter.class.php
Issue is similar as: https://twitter.com/voodooKobra/status/663581509069242368
The small primes are picked and used to generate a small insecure key at lines 85 and 88.
Thanks for reporting this issue. This code is part of an old library that I'm not using any more, but yes your are absolutely right.
This file contains a small list of small primes, that is easily crackable and thus insecure: https://github.com/minimarcel/vanilla/blob/a0bbd751a9622ba4b5dd7cc8c0ae38f9c66ad809/src/vanilla/security/crypt/RSACrypter.class.php
Issue is similar as: https://twitter.com/voodooKobra/status/663581509069242368
The small primes are picked and used to generate a small insecure key at lines 85 and 88.