[Cryptography] Millions of high-security crypto keys crippled by newly discovered flaw

Phillip Hallam-Baker phill at hallambaker.com
Mon Oct 16 19:41:37 EDT 2017


On Mon, Oct 16, 2017 at 1:54 PM, Tamzen Cannoy <tamzen at cannoy.org> wrote:
> https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
>
>
> "The flaw resides in the Infineon-developed RSA Library version v1.02.013,
> specifically within an algorithm it implements for RSA primes generation.
> The library allows people to generate keys with smartcards rather than with
> general-purpose computers, which are easier to infect with malware and hence
> aren't suitable for high-security uses. The library runs on hardware
> Infineon sells to a wide range of manufacturers using Infineon smartcard
> chips and TPMs. The manufacturers, in turn, sell the wares to other device
> makers or end users. The flaw affects only RSA encryption keys, and then
> only when they were generated on a smartcard or other embedded device that
> uses the Infineon library.
>
> To boost performance, the Infineon library constructs the keys' underlying
> prime numbers in a way that makes them prone to a process known as
> factorization, which exposes the secret numbers underpinning their security.
> When generated properly, an RSA key with 2048 bits should require several
> quadrillion years—or hundreds of thousands of times the age of the
> universe—to be factorized with a general-purpose computer. Factorizing a
> 2048-bit RSA key generated with the faulty Infineon library, by contrast,
> takes a maximum of 100 years, and on average only half that. Keys with 1024
> bits take a maximum of only three months."

I just love those prime numbers that are prone to factorization.

Its like when I go to the Outback and Prime Rib is served in 8oz, 12oz
and 14oz. None of which are prime.They are however one greater than a
prime.


More information about the cryptography mailing list