During #39c3 Nadia Heninger introduced me to Keegan Ryan, and we talked about things that could go wrong in RSA, and how to detect keys with suspicious patterns created by defect RNGs. At some point, Keegan said: "You could check the Hamming Weight of the Modulus." And I replied: "I don't know what that means."
But it's actually quite simple. The Hamming Weight is the ratio of symbols, if we look at bits, how many 0s vs 1s are there. For a "proper", randomly generated RSA key, the ratio should be close to 0.5. If it's significantly different from that, it's likely not randomly generated.
We ended up finding some keys with repeating zero-byte patterns.It is possible to represent those as polynomials. Unlike integer numbers, polynomials can be factored efficiently, which means these keys can be broken.

We found SSH host keys that we could trace back to a software called CompleteFTP (which, furthermore, had another RSA vulnerability in its Linux version and also generated vulnerable DSA keys - all fixed in the latest version of CompleteFTP, but keys need to be regenerated). We furthermore identified another class of vulnerable keys (with a different width of zero byte patterns) in TLS certs (both self-signed and WebPKI-signed, but all expired, so no revocations), most of them from Verizon+Yahoo, but we were unable to identify the vulnerable RSA implementation.

If you're interested in the details of the attack, check Keegan's blog post:
https://blog.trailofbits.com/2026/06/12/factoring-short-sleeve-rsa-keys-with-polynomials/

The latest badkeys version 0.0.18 detects all affected vulnerable keys.

Are you in Tāmaki Makaurau? Do you like socialist literature at bargain prices?

The Socialist Library Project is selling surplus books at Trades Hall on July 25

https://facebook.com/events/s/socialist-booksale-to-support-/1444222294402883/

Crossposted with @openvibe

Assoc editor of Frontiers in Systems #Neuro:

Over the last month I saw that human editors are now stripped of control. I could no longer stop the system from auto-inviting "reviewers" with zero relevant expertise. Even worse - the AI began actively revoking the invitations I manually sent out to actual, qualified experts.

I emailed and met with the editorial office to ask for the AI assistant to be turned off. I was told this is not possible.

https://bsky.app/profile/michael-okun.bsky.social/post/3mnxkxte55s25

Sometimes you can really tell a Wikipedia article is gonna be good from the table of contents.

https://en.wikipedia.org/wiki/Blue_Peacock

Our statement on the UK government’s demand that all content on all devices sold or used in the country be scanned, on the presumption of nudity, using a dystopian combination of age verification and content scanning. This proposal will not safeguard children. It endangers us all.

https://signal.org/blog/pdfs/2026-06-08-uk-surveillance-is-not-safety.pdf