Attack: Factoring “short-sleeve” RSA keys via polynomials exposes CompleteFTP bug

Published: 2026-06-12 11:40:35 |

Trail of Bits details a new cryptanalytic method to factor “short-sleeve RSA keys” when private keys are biased toward 0 bits due to implementation flaws. The researchers, led by Keegan Ryan and in collaboration with Hanno Böck (badkeys project), found hundreds of vulnerable keys in the wild by scanning certificate logs, TLS/SSH scans, and PGP keys. The paper identifies two real-world “short-sleeve RSA keys” patterns. Pattern 2 is traced to a type mismatch in big-integer code in EnterpriseDT’s CompleteFTP. The bug affected RSA key generation in versions 10.0.0–12.0.0 (Dec 2016–Mar 2019) and also produced vulnerable DSA keys in 10.0.0–23.0.4 (Dec 2016–Dec 2023). From internet scans, the team recovered 603 unique RSA private keys and 74 DSA keys tied to vulnerable CompleteFTP versions, plus 26 additional RSA keys showing the unidentified short-sleeve pattern. They also provide mitigation steps: CompleteFTP released v26.1.0 (May 8, 2026) with an automated check that alerts users when RSA/DSA keys must be regenerated, plus a standalone tool. The report notes the vulnerability trend stopped after the RSA fix shipped in March 2019, though the fraction of affected keys plateaued because many hosts update software faster than they rotate generated host keys. Core takeaway for security operators and traders watching infrastructure risk: “short-sleeve RSA keys” can be cracked efficiently using polynomial factorization when key bits are structurally biased, turning bad randomness into real key exposure.

Neutral

This is a technical cryptography break tied to specific software (EnterpriseDT CompleteFTP) and to biased-key generation, not a direct attack on major crypto networks or a protocol-level exploit. That limits systemic market damage. Historically, crypto markets can react sharply to credible security failures in widely used infrastructure, but here the scope appears constrained to a minority of hosts and to SSH/TLS/host-key contexts. In the short term, traders may see mild risk-off sentiment around “infrastructure trust” themes (just as markets often twitch after serious TLS/PKI or wallet implementation bugs). However, the report is accompanied by clear remediation steps (v26.1.0 and standalone checks), and the broader timeline indicates the RSA weakness trend stopped after a code rewrite in March 2019—suggesting uncertainty is manageable. In the long term, the bigger impact is informational: the “short-sleeve RSA keys” result reinforces that biased randomness can enable efficient factorization, which may prompt more aggressive scanning and key-rotation practices across security tooling. That could marginally increase compliance and operational costs, but it’s unlikely to materially change crypto asset fundamentals. Net: neutral for market stability, with localized security-driven narratives rather than broad liquidation catalysts.