https://crocs-muni.github.io/roca/
E' stata annunciata ieri la scoperta di una vulnerabilità (CVE-2017-15361) nella generazione di chiavi RSA da parte di una libreria software di Infineon Technologies AG. "The algorithmic vulnerability is characterized by a specific structure of the generated RSA primes, which makes factorization of commonly used key lengths including 1024 and 2048 bits practically possible. Only the knowledge of a public key is necessary and no physical access to the vulnerable device is required. The vulnerability does NOT depend on a weak or a faulty random number generator - all RSA keys generated by a vulnerable chip are impacted. The attack was practically verified for several randomly selected 1024-bit RSA keys and for several selected 2048-bit keys." I chip Infineon sono molto comuni, non solo su Smartcards e token crittografici, ma anche su TPM. rob ________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
