Aggiungo che Yubico ha reso disponibile https://www.yubico.com/keycheck/, se avete Yubikey dateci un'occhiata magari!
-------- Original Message -------- On Oct 17, 2017, 08:54, Roberto Resoli wrote: > https://crocs-muni.github.io/roca/ > > E' stata annunciata ieri la scoperta di una vulnerabilità > (CVE-2017-15361) nella generazione di chiavi RSA da parte di una > libreria software di Infineon Technologies AG. > > "The algorithmic vulnerability is characterized by a specific structure > of the generated RSA primes, which makes factorization of commonly used > key lengths including 1024 and 2048 bits practically possible. Only the > knowledge of a public key is necessary and no physical access to the > vulnerable device is required. The vulnerability does NOT depend on a > weak or a faulty random number generator - all RSA keys generated by a > vulnerable chip are impacted. The attack was practically verified for > several randomly selected 1024-bit RSA keys and for several selected > 2048-bit keys." > > I chip Infineon sono molto comuni, non solo su Smartcards e token > crittografici, ma anche su TPM. > > rob > ________________________________________________________ > http://www.sikurezza.org - Italian Security Mailing List
