I heard that along with a public key, you need a initalization vector so that messages are not encryption identically in different instances. Since all a public key does is multiple prime numbers together, why are some keys the same as others? There are an infinite number of prime numbers (I think) so there should be no problem.
In: 0
In a *properly implemented* public key system with strong key length (such as 1024 bit RSA) the probability of the same public key coming up more than once is very very small (~1/2^200 ). Duplicate public keys are going to be exceedingly rare.
Unfortunately, about a decade ago it was found that many SSL certificate keys were using the same numbers as one of the two prime factors used to generate their public keys. This creates a weakness that could theoretically be exploited. It would still take significant effort, but the expected work required to break encryption would be quite reduced.
I’ve never seen an explanation of why this happened, but it’s likely due to poor random number generation. RNGs cannot be purely algorithmic if you want truly random outputs, and there are lots of ways to screw it up.
But it’s possible that there was some other programming error(s) responsible. Most cryptographic weaknesses are found to be due to flawed implementations, not flaws in the algorithm itself.
Latest Answers