[cabfpub] Blog post on Infineon key generation issue

philliph at comodo.com philliph at comodo.com
Mon Oct 16 23:47:34 UTC 2017


"To boost performance, the Infineon library constructs the keys' underlying prime numbers in a way that makes them prone to a process known as factorization <https://en.wikipedia.org/wiki/Factorization>, which exposes the secret numbers underpinning their security.”

I just love those primes that are vulnerable to factorization.

Looks like they didn’t use a proper primality test. 


I would like to move to an ECC suite that has been designed to be ro

> On Oct 16, 2017, at 2:44 PM, Geoff Keating via Public <public at cabforum.org> wrote:
> 
> https://crocs.fi.muni.cz/public/papers/rsa_ccs17 <https://crocs.fi.muni.cz/public/papers/rsa_ccs17>
> 
> “A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG ... Assess your keys now with the provided offline and online detection tools <https://crocs.fi.muni.cz/public/papers/rsa_ccs17#detection_tools_mitigation_and_workarounds> and contact your vendor if you are affected.”
> 
> It sounds like for CAs, the remediation is to implement the detection tool as a pre-check before issuing a certificate, and then start on the process of checking existing certificates for the flaw.
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171016/e4bedaa8/attachment-0003.html>


More information about the Public mailing list