» »

Ranljivost - pridobitev privatnega RSA ključa samo iz javnega ključa

Ranljivost - pridobitev privatnega RSA ključa samo iz javnega ključa

SomeOneNew ::


A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.

The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest.


Next, the researchers examined a sampling of 41 different laptop models that used trusted platform modules. They found vulnerable TPMs from Infineon in 10 of them. The vulnerability is especially acute for TPM version 1.2, because the keys it uses to control Microsoft's BitLocker hard-disk encryption are factorizable. That means anyone who steals or finds an affected computer could bypass the encryption protecting the hard drive and boot sequence.


"Millions of high-security crypto keys crippled by newly discovered flaw":
ARSTEHNIVCA LINK

fiction ::

Ta NSA-jevec, ki je pod krinko zaposlen pri Infineon, si pa res zasluži bonus. Underhanded crypto at its finest :)
https://github.com/crocs-muni/roca


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

Ranljivost v AMD Ryzen procesorjih (strani: 1 2 )

Oddelek: Strojna oprema
555214 (308) Mr.B
»

Google bo šifriral podatke v Cloud Storageu

Oddelek: Novice / Varnost
3013099 (10318) LightBit
»

Nov članek: "All your firmware are belong to us" (strani: 1 2 3 )

Oddelek: Novice / Nova vsebina
13815926 (12766) arrigo
»

Vlada ZDA bo uporabljala polno kriptiranje vseh diskov (strani: 1 2 )

Oddelek: Novice / Diski
739325 (7360) Matrin

Več podobnih tem