Safety · Jun 29, 2026

Researchers identify widespread weak RSA keys with patterned zeros in the wild

A new class of RSA keys with structured zero blocks was found in certificates and SSH hosts, affecting products from major vendors and raising questions about accidental or deliberate weakness.

TL;DR
  • A previously undocumented class of weak RSA keys—characterized by regularly spaced blocks of zeros—was discovered in the wild across multiple real-world systems.
  • The vulnerable keys were tied to specific software versions, including NetApp devices and CompleteFTP servers, spanning multi-year release windows.
  • The discovery stems from analysis of a large corpus of public keys collected from Certificate Transparency logs, TLS/SSH scans, and PGP keys.
  • While some affected certificates have expired, the underlying vulnerability pattern suggests broader implementation flaws or potential deliberate design.

A team analyzing public-key datasets uncovered a new class of weak RSA keys distinguished by regularly spaced blocks of zeros interleaved with seemingly random data. The discovery originated from the development of an open-source tool, badkeys, designed to check public keys for known vulnerabilities. The researchers collected a large corpus of real-world keys from sources including Certificate Transparency logs, internet-wide TLS and SSH scans, and PGP key repositories.

Two distinct patterns of sparse RSA moduli were identified. Pattern 1 was observed in Certificate Transparency logs for certificates issued to major organizations such as Yahoo and Verizon, as well as on devices running NetApp software. Affected certificates in this category have since expired, and the researchers reported findings to the affected organizations without receiving a response about the root cause.

Pattern 2 was found on SSH hosts running CompleteFTP software from EnterpriseDT. The underlying vulnerability affects RSA keys generated using versions 10.0.0 through 12.0.0 (December 2016 to March 2019) and DSA keys generated with versions 10.0.0 through 23.0.4 (December 2016 to December 2023). The researchers note that multiple independent cryptographic implementations failed in similar ways, suggesting broader systemic issues in key generation practices.

The article does not speculate on intent, but the observed patterns—structured zeros at regular intervals—prompt public discussion about whether such weaknesses could be accidental or deliberately engineered. The researchers emphasize that the cryptanalytic algorithm used to factor these keys had to be tailored to this specific failure mode, and that similar vulnerabilities may exist in other implementations not yet analyzed.
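A defender's first question is whether any of their own keys show the zero-block structure described above. The following is an added example, not code from the badkeys project or from the researchers' paper, that scans an RSA modulus for long zero-bit runs and reports whether they recur at a regular spacing. The run-length threshold, the spacing tolerance, the 10% coverage cutoff and the 64-zeros-per-128-bit-block layout of the constructed sample are all assumptions for illustration; the article does not state the block sizes of the real Pattern 1 or Pattern 2 keys.

```python
"""Heuristic scan of an RSA modulus for long, regularly spaced zero-bit runs.

Added example (not the badkeys tool). All thresholds are assumptions chosen for
illustration; a real check would be calibrated against the observed patterns.
"""
import random
from dataclasses import dataclass

# Assumed threshold: a zero run of 32 bits in a random 2048-bit modulus is
# essentially impossible (expected count about 2048 / 2**32).
MIN_RUN = 32
SPACING_JITTER = 4        # assumed: neighbouring random bits can extend a run slightly
COVERAGE_CUTOFF = 0.10    # assumed: flag if >= 10% of all bits lie in long zero runs


@dataclass
class ZeroRunReport:
    bit_length: int
    runs: list              # (start_bit, length) with start counted from the LSB
    covered_fraction: float
    regular_spacing: bool
    suspicious: bool


def zero_runs(n: int, min_run: int = MIN_RUN) -> list:
    """Return (start_bit, length) for every zero run of at least min_run bits in n."""
    bits = bin(n)[2:]          # MSB first, no leading zeros
    total = len(bits)
    runs = []
    i = 0
    while i < total:
        if bits[i] != "0":
            i += 1
            continue
        j = i
        while j < total and bits[j] == "0":
            j += 1
        if j - i >= min_run:
            runs.append((total - j, j - i))   # convert MSB index to LSB-based start
        i = j
    return sorted(runs)


def analyze_modulus(n: int, min_run: int = MIN_RUN) -> ZeroRunReport:
    """Flag a modulus whose zero runs cover much of it or recur at a fixed period."""
    runs = zero_runs(n, min_run)
    bit_length = n.bit_length()
    covered = sum(length for _, length in runs) / bit_length
    starts = [start for start, _ in runs]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    regular = len(gaps) >= 2 and (max(gaps) - min(gaps)) <= SPACING_JITTER
    suspicious = bool(runs) and (covered >= COVERAGE_CUTOFF or regular)
    return ZeroRunReport(bit_length, runs, covered, regular, suspicious)


def analyze_hex_modulus(hex_modulus: str) -> ZeroRunReport:
    """Convenience wrapper for a modulus given as a hex string (e.g. from an openssl dump)."""
    return analyze_modulus(int(hex_modulus.replace(":", "").replace(" ", ""), 16))


# --- constructed sample inputs (not real keys) ---------------------------------

def constructed_random_modulus(seed: int, bits: int = 2048) -> int:
    """Random odd number with the top bit set; stands in for a normally generated modulus."""
    rng = random.Random(seed)
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def constructed_sparse_modulus(seed: int, blocks: int = 16) -> int:
    """Each 128-bit block holds 64 random bits above 64 zero bits (assumed layout).

    The bits bordering every zero run are forced to 1 so the runs stay exactly
    64 bits long; the low bit is set because RSA moduli are odd.
    """
    rng = random.Random(seed)
    n = 0
    for _ in range(blocks):
        high = rng.getrandbits(64) | (1 << 63) | 1
        n = (n << 128) | (high << 64)
    return n | 1


if __name__ == "__main__":
    for label, modulus in (("random", constructed_random_modulus(1)),
                           ("sparse", constructed_sparse_modulus(7))):
        report = analyze_modulus(modulus)
        print(f"{label}: {len(report.runs)} long zero runs, "
              f"{report.covered_fraction:.1%} of bits covered, "
              f"regular={report.regular_spacing}, suspicious={report.suspicious}")
```

A hit from this scan is a reason to rotate the key and look at which software generated it, not proof that it is factorable; the researchers' own tooling is what decides that. Run it over the moduli extracted from your certificate inventory and SSH host keys, and treat any modulus with recurring zero runs as a candidate for replacement.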

Sources
  1. Schneier on Security: Factoring RSA Keys with Many Zeros

© 2026 Dispatch. No ads. No sponsorships. No paid placement. Reader-supported via Ko-fi.