Weak RSA keys from Infineon HW / library

mdhardeman · October 16, 2017, 7:27pm

Recently, it has been demonstrated that many Infineon TPMs and smart cards are generating RSA public/private key pairs which are practical to factor.

The researchers involved have produced code to test public keys for the weakness.

Perhaps a test of that nature should be incorporated in the issuance pipeline to prevent certificate signatures over weak underlying keys?

Thanks,

Matt

mnordhoff · October 16, 2017, 7:33pm

It's under discussion at the moment.

system · November 15, 2017, 7:40pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ROCA: Detect and reject vulnerable public keys? Feature Requests	13	4713	November 17, 2017
Issuing for common RSA key sizes only API Announcements	0	3167	September 16, 2020
2017.09.09 Late Weak Key Revocation Incidents	0	2769	September 19, 2017
Feature Request - Github Repo of Example Private Keys for testing Feature Requests	10	87	March 7, 2025
Qualys SSL Labs Weak or insecure signature Server	42	14456	August 20, 2016