[Cryptography] Response to weak RNGs in Taiwanese and Estonian digital ID cards?
Dmitry Belyavsky
beldmit at gmail.com
Tue Oct 24 13:38:10 EDT 2017
Dear Ondrej,
On Tue, Oct 24, 2017 at 5:41 PM, Ondrej Mikle <ondrej.mikle at gmail.com>
wrote:
> Hi,
>
> there was similar case with Taiwanese cards in 2013 (batch GCD+Coppersmith
> - https://smartfacts.cr.yp.to/smartfacts-20130916.pdf). However I can't
> seem to find how they handled it eventually. There was recent news that
> they will replace the ID cards for some unspecified reason -
> http://embeddedsecuritynews.com/2017/10/taiwan-to-issue-
> electronic-id-cards-in-a-year-minister/
>
> Same goes for Estonian cards - no idea what mitigation or response was
> announced. It also seems that the news broke for Estonian cards one month
> sooner than for Slovak eID cards (source, but in Slovak:
> https://www.rtvs.sk/televizia/archiv/11580/139321#489).
>
> Slovakia finally announced shutting down all e-government services and
> that's it for now. Not sure whether they plan on reissuing/repgramming the
> cards.
>
AFAIK the problem is not with bad RNGs. At least for Slovakia and Estonia.
Estonia has already anounced that new cards are testing.
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171024/170aafc6/attachment.html>
More information about the cryptography
mailing list