Weak RSA keys from Infineon HW / library


#1

Recently, it has been demonstrated that many Infineon TPMs and smart cards are generating RSA public/private key pairs which are practical to factor.

The researchers involved have produced code to test public keys for the weakness.

Code repository is at: https://github.com/crocs-muni/roca

Perhaps a test of that nature should be incorporated in the issuance pipeline to prevent certificate signatures over weak underlying keys?

Thanks,

Matt


#2

It’s under discussion at the moment.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.