Attack: Factoring “short-sleeve” RSA keys wit polynomials reveal CompleteFTP bug

Published: 2026-06-12 11:40:35 |

Trail of Bits don show how dem develop new cryptanalytic way wey dey factor “short-sleeve RSA keys” when private keys get bias towards 0 bits because implementation bug. Di researchers wey Keegan Ryan lead, and Hanno Böck (badkeys project) join body, find hundreds of vulnerable keys for the wild by scanning certificate logs, TLS/SSH scans, and PGP keys. Di paper talk say dem find two real-world “short-sleeve RSA keys” patterns. Pattern 2 na from type mismatch for big-integer code for EnterpriseDT’s CompleteFTP. Di bug affect RSA key generation for versions 10.0.0–12.0.0 (Dec 2016–Mar 2019) and e also make vulnerable DSA keys for 10.0.0–23.0.4 (Dec 2016–Dec 2023). From internet scans, di team recover 603 unique RSA private keys and 74 DSA keys wey tie to the vulnerable CompleteFTP versions, plus 26 extra RSA keys wey show the unidentified short-sleeve pattern. Dem also give mitigation steps: CompleteFTP release v26.1.0 (May 8, 2026) with automated check wey go alert users when RSA/DSA keys must be regenerated, plus standalone tool. The report note say the vulnerability trend stop after the RSA fix release for March 2019, though di fraction of affected keys stay level because many hosts update software faster than dem rotate the generated host keys. Main message for security operators and traders wey dey watch infrastructure risk: “short-sleeve RSA keys” fit be cracked well using polynomial factorization when key bits get structural bias, turning bad randomness into real key exposure.

Neutral

Dis na na technical cryptography waka wey relate to one particular software (EnterpriseDT CompleteFTP) and to biased key generation, no be direct attack on major crypto networks or protocol-level exploit. E limit systemic market damage. Historically, crypto markets fit react sharp to credible security failures for widely-used infrastructure, but here scope dey limited to minority of hosts and to SSH/TLS/host-key contexts. For short term, traders fit feel small risk-off sentiment around “infrastructure trust” themes (same way markets dey twitch after serious TLS/PKI or wallet implementation bugs). But the report come with clear remediation steps (v26.1.0 and standalone checks), and the bigger timeline show say the RSA weakness trend stop after the code rewrite for March 2019 — meaning uncertainty fit manageable. For long term, bigger impact na informational: the “short-sleeve RSA keys” result confirm say biased randomness fit allow efficient factorization, we fit make people do more aggressive scanning and key-rotation practices for security tooling. That fit small increase compliance and operational costs, but e no likely to change crypto asset fundamentals materially. Net: neutral for market stability, with localized security-driven narratives instead of broad liquidation catalysts.