
RSA key generation vulnerability in Infineon firmware


Alex Gaynor

Oct 16, 2017, 10:13:22 AM
to MozPol
Hi all,

Today researchers announced a vulnerability they discovered in RSA keys
generated by a particular piece of firmware, which allows practical
factorization of the private key given just the public key.

Full details of the research here:
https://crocs.fi.muni.cz/public/papers/rsa_ccs17

There is a publicly available tool for testing keys here:
https://github.com/crocs-muni/roca

I'd encourage CAs to proactively check all of their issued certificates,
particularly S/MIME/client certs, since this affects common smartcard
implementations.

Cheers,
Alex
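
A sketch of the bulk check suggested in the post above, as an added example that is not part of the original post and not code from the roca tool: it tests each modulus for the fingerprint described in the linked paper, where the modulus reduced by each small prime falls in the subgroup generated by 65537. The prime list, function names and sample moduli are assumptions made for this illustration; the linked tool remains the reference check.

```python
# Added illustration; not code from the roca tool or the paper's authors.
# Assumption: an affected modulus N satisfies N mod p in <65537> (mod p)
# for every small prime p listed here.
from math import prod

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                131, 137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537


def subgroup(p, g=GENERATOR):
    """Residues reachable as g**k mod p (the cyclic subgroup generated by g)."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * g) % p
    return seen


SUBGROUPS = {p: subgroup(p) for p in SMALL_PRIMES}


def has_fingerprint(modulus):
    """True if the modulus lands in the 65537-subgroup for every small prime."""
    return all(modulus % p in SUBGROUPS[p] for p in SMALL_PRIMES)


def flag_moduli(moduli):
    """moduli maps a certificate label to its RSA modulus; returns flagged labels."""
    return sorted(label for label, n in moduli.items() if has_fingerprint(n))


# Constructed samples (not real keys). STRUCTURED multiplies two numbers of
# the form k*M + 65537**a mod M, so it carries the fingerprint by design;
# ORDINARY is a product of two Mersenne primes and does not (8 mod 11).
M = 2 * prod(SMALL_PRIMES)
STRUCTURED = (7 * M + pow(GENERATOR, 1234, M)) * (11 * M + pow(GENERATOR, 5678, M))
ORDINARY = (2**127 - 1) * (2**89 - 1)
SAMPLE = {"client-cert-a": STRUCTURED, "client-cert-b": ORDINARY}

if __name__ == "__main__":
    print(flag_moduli(SAMPLE))
```

A match is an indicator to follow up with the linked tool and a reissue decision, not proof on its own that a key is weak.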

Matthew Hardeman

Oct 16, 2017, 1:26:24 PM
to mozilla-dev-s...@lists.mozilla.org
This is an interesting one.

The same researchers also published some spooky research last year in which they're able to fingerprint an RSA public key and determine the probability that a given library or device generated the key pair.

Which is scary. If they're able to reliably fingerprint that, what more can be discerned? Does this allow substantial reduction in search space for factoring the key? They say no, for now.

If you read their 2016 paper about the key fingerprinting, there are significant preludes to the Infineon issue. I had a suspicion when the TPM issue was announced that they were the ones who found it, and suspected that they found it during that work.

Check out the RSA key fingerprinting tool: https://www.fi.muni.cz/~xsekan/