Searching for The Prime Suspect: How Heartbleed Leaked Private Keys
In April 2014, John Graham-Cumming revealed that Heartbleed could leak private SSL keys through its messages. The Heartbleed Challenge demonstrated this within hours of launching. Most people who obtained the challenge server's private SSL key did so by searching the Heartbleed message results for prime numbers. OpenSSL was initially believed to cleanse primes from memory, but further investigation showed that it left copies of these numbers throughout its memory space, which exposed them to Heartbleed attacks. To address this, patches were developed and submitted to the OpenSSL team, including one that cleanses memory before freeing it and another that prevents caching of Montgomery parameters. A more radical solution, which CloudFlare has been testing, is not to store private keys within OpenSSL at all.
Company: Cloudflare
Date published: April 27, 2014
Author(s): John Graham-Cumming
Word count: 1790
Hacker News points: None found.
Language: English