[Cryptography] Response to weak RNGs in Taiwanese and Estonian digital ID cards?
Ondrej Mikle
ondrej.mikle at gmail.com
Tue Oct 31 13:12:27 EDT 2017
On 10/31/2017 12:29 AM, Peter Gutmann wrote:
> Ondrej Mikle <ondrej.mikle at gmail.com> writes:
>
>> The PDF of ROCA is finally available and the RNG in question is on page 3 of
>> the pdf. Does not look like the ANSI RNGs, though it's unlike any RNG I've
>> seen so far.
>>
>> Link: https://dl.acm.org/citation.cfm?id=3133969
>> Direct to pdf:
>> https://dl.acm.org/ft_gateway.cfm?id=3133969&ftid=1916330&dwn=1&CFID=824223213&CFTOKEN=62928332
>
> That's not the RNG, it's the prime/RSA keygen.
Ah, you're right. But do I understand correctly that the design of the keygen is
the reason the keys have low entropy which can be exploited with Coppersmith's
attack?
On a side note, the current response both in SK and EE is replacing they keys
and corresponding certificates.
EE article:
http://news.err.ee/639702/ria-id-card-patch-ready-expect-errors-as-thousands-update
In SK they are sending SMS telling owners to go to a office to replace they key.
Ondrej
More information about the cryptography
mailing list