Weak RSA keys from Infineon HW / library


Recently, it has been demonstrated that many Infineon TPMs and smart cards are generating RSA public/private key pairs which are practical to factor.

The researchers involved have produced code to test public keys for the weakness.

Code repository is at: https://github.com/crocs-muni/roca

Perhaps a test of that nature should be incorporated in the issuance pipeline to prevent certificate signatures over weak underlying keys?




It’s under discussion at the moment.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.