Re: Incident report - ROCA fingerprints in certificates issued by Comodo CA (was Re: RSA key generation vulnerability in Infineon firmware)

2017-11-09 Thread Rob Stradling via dev-security-policy
On 09/11/17 13:09, Rob Stradling via dev-security-policy wrote:
> On 06/11/17 22:26, Rob Stradling via dev-security-policy wrote:
>> On Monday 6th November, we scanned the certificates that we'd issued between 20th October and 5th November. 8 further server authentication certificates were found,

Re: Incident report - ROCA fingerprints in certificates issued by Comodo CA (was Re: RSA key generation vulnerability in Infineon firmware)

2017-11-09 Thread Rob Stradling via dev-security-policy
On 06/11/17 22:26, Rob Stradling via dev-security-policy wrote:
> On Monday 6th November, we scanned the certificates that we'd issued between 20th October and 5th November. 8 further server authentication certificates were found, all for subdomains of the same registered domain. We will get

RSA key generation vulnerability in Infineon firmware

2017-10-16 Thread Alex Gaynor via dev-security-policy
Hi all,

Today researchers announced a vulnerability they discovered in RSA keys generated by a particular piece of firmware, which allows practical factorization of the private key given just the public key. Full details of the research here: https://crocs.fi.muni.cz/public/papers/rsa_ccs17