Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6200

Check for weak RSA keys as described in "The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli"

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key [1].

      The attack is described in the conference paper The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli by Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas which will be disclosed at the ACM conference Nov 2nd.

      We should implement a check for weak Infineon keys in our RSA validator. There is already code available which we can use [2].

      The issue has also been discussed at the Mozilla Security Policy mailing list [3]. The CVE number for the vulnerability is CVE-2017-15361 [4].

      [1] https://crocs.fi.muni.cz/public/papers/rsa_ccs17
      [2] https://github.com/crocs-muni/roca/blob/master/java/BrokenKey.java
      [3] https://lists.mozilla.org/listinfo/dev-security-policy
      [4] https://nvd.nist.gov/vuln/detail/CVE-2017-15361

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              bastianf Bastian Fredriksson
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 day
                  1d
                  Remaining:
                  Remaining Estimate - 1 day
                  1d
                  Logged:
                  Time Spent - Not Specified
                  Not Specified