[Cryptography] [FORGED] Response to weak RNGs in Taiwanese and Estonian digital ID cards?
Hanno Böck
hanno at hboeck.de
Thu Oct 26 18:46:42 EDT 2017
On Wed, 25 Oct 2017 01:28:58 +0000
Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> What I'd like to see is a response from the organistions who
> certified them as secure.
Good luck getting an answer.
I covered this for a german news article [1] and asked both BSI (german
office for it security, they were responsible for the CC certification)
and NIST about a statement. I'm still waiting for an answer.
It seems the gov agencies responsible for certification aren't willing
to talk about this incident.
[1]
http://www.zeit.de/digital/datenschutz/2017-10/infineon-verschluesslung-personalausweis-tpm-bsi-zertifiziert
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
More information about the cryptography
mailing list