ROCA Is The New KRACK

ROCA Is The New KRACK

Tester here: https://github.com/crocs-muni/roca

via Kam-Yung Soh

Originally shared by Jan Wildeboer

This is a helluva lot more frightening than #KRACK. RSA keys can be factorised fast when they come from Infineon chips and are generated by their library. OUCH!

Disclosure of Infineon RSA vulnerability (ROCA) https://roca.crocs.fi.muni.cz . Tester for vuln. keys. TPM,Bitlocker,eID,GitHub SSH,PGP...impacted


"A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. "

UPDATE The workaround is to generate the public/private key with known good implementations (openSSL, for example) and store the keys on the chips. #OpenFTW
https://roca.crocs.fi.muni.cz

Comments

Post a Comment

Popular posts from this blog

Entremet

Entremet Originally shared by Kam-Yung Soh "“Like most people in the US, I grew up knowing the words to this carol and even (shudder) singing them occasionally (singing is not a strong point of mine), but never really thought about what they meant, how the carol originated, or what birds were involved”, says Dr Rasmussen in email. So she decided to figure it out. Dr Rasmussen, who’s tied for third for the most bird discoveries in the world, is probably also the world’s foremost avian sleuth, due to her meticulous detective work a few years ago that uncovered the many ornithological thefts and records frauds in museums that were committed by eminent British ornithologist, Richard Meinertzhagen. But who would ever have thought that an old Christmas carol might also hold an avian mystery? “After all, it’s just a Christmas carol!” Dr Rasmussen points out." https://medium.com/@GrrlScientist/meet-the-real-birds-of-the-twelve-days-of-christmas-fame-grrlscientist-5a8bc09350c9
Read more

Flushbunkingly Gloriumptious

Flushbunkingly Gloriumptious Originally shared by Kam-Yung Soh "Renowned children's author and occasional spy, Roald Dahl spent the last years of his life in a home located in the small English village of Great Missenden, and now his beloved village is home to an attractive museum devoted to his life and works.  [...] Today the museum holds all of Dahl's original manuscripts, as well as his "Idea Books" where he would jot down his nascent creations. In addition to celebrating his writing career, there are also displays covering his service in the RAF. However, the crown jewel of the museum is the recreation of Dahl's purpose built "Writing Hut," complete with the arm chair he had customized to write in." http://www.atlasobscura.com/places/the-roald-dahl-museum
Read more

Originally shared by Kam-Yung Soh

Originally shared by Kam-Yung Soh So Labradors tend to overeat. Now it has been traced to genetic differences. "Dr Eleanor Raffan, a veterinary surgeon and geneticist who studies how genes influence metabolism at the Institute of Metabolic Science at the University of Cambridge recently published a study that examines the genetics that underlie food motivation and obesity in Labrador retrievers. [...] When Dr Raffan and her team carefully examined this POMC gene variant, they found that a small 14-basepair section a little more than halfway down the gene’s length was missing. This deletion creates a frameshift mutation that results in the production of an abnormal protein where the last half is scrambled into a blob of nonsense [...]. Normally, the POMC is translated into the POMC pro-peptide, which is cleaved at precise sites to give rise to number of smaller peptides, including the appetite suppressing neuropeptides, ß-MSH & ß-endorphin, but the abnormal POMC pro-peptide do...
Read more