RSA-1024/2048 busted - consider new pgp keys

https://twitter.com/dangoodin001/status/919798487776034817 A 2nd major crypto vulnerability being disclosed Monday involves millions of 1024- and 2048-bit RSA keys that are practically factorizable.


Comments


[17 Points] _PrinterPam_:

This has NOTHING to do with public key cryptography as we use it. Just one particular RSA library used for cryptocards, not the one in common usage. Your literacy privileges should hereby be revoked.

"The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation. The library allows people to generate keys with smartcards rather than with general-purpose computers, which are easier to infect with malware and hence aren't suitable for high-security uses. The library runs on hardware Infineon sells to a wide range of manufacturers using Infineon smartcard chips and TPMs."
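The affected Infineon library (the flaw is commonly called ROCA) produces moduli with a recognisable structure, and the researchers published a public-key fingerprint test so owners can check their own keys. The following is an added example of that check, not code from this thread or from Infineon; the two moduli it tests are constructed, and a real key would be checked by feeding its modulus `n` to `has_roca_fingerprint`.

```python
import math

# Added example: ROCA public-key fingerprint check. Moduli from the affected
# library satisfy N mod p in <65537> (the subgroup generated by 65537 mod p)
# for every odd prime p up to 167. A modulus from an unaffected generator
# passes all 38 tests only with negligible probability.

def _odd_primes_upto(limit):
    """Sieve of Eratosthenes, returning the odd primes up to `limit`."""
    sieve = bytearray([1]) * (limit + 1)
    out = []
    for i in range(2, limit + 1):
        if sieve[i]:
            if i > 2:
                out.append(i)
            for j in range(i * i, limit + 1, i):
                sieve[j] = 0
    return out

ROCA_PRIMES = _odd_primes_upto(167)   # 3, 5, 7, ..., 167 (38 primes)
GENERATOR = 65537                     # the public exponent the library uses
PRIMORIAL_M = math.prod(ROCA_PRIMES)  # only needed to build the constructed samples

def _subgroup(p):
    """All residues 65537^k mod p, i.e. the cyclic subgroup generated by 65537."""
    g = GENERATOR % p
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * g) % p
    return seen

ROCA_RESIDUES = {p: _subgroup(p) for p in ROCA_PRIMES}

def has_roca_fingerprint(n):
    """True if N mod p lies in <65537> for every prime p; such a key is suspect."""
    return all(n % p in ROCA_RESIDUES[p] for p in ROCA_PRIMES)

if __name__ == "__main__":
    # Constructed sample 1: N congruent to 65537^7 mod M, the shape the library emits.
    suspect = 5 * PRIMORIAL_M + pow(GENERATOR, 7, PRIMORIAL_M)
    # Constructed sample 2: N congruent to 2 mod 11, outside the subgroup {1, 10}.
    clean = 3 * PRIMORIAL_M + 2
    print("constructed suspect modulus flagged:", has_roca_fingerprint(suspect))
    print("constructed clean modulus flagged:  ", has_roca_fingerprint(clean))
```

For a PGP key, the modulus is the RSA `n` MPI of the primary or subkey packet; a positive result means the key should be treated as affected and replaced, while a negative result only says the key was not generated by this library.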


[4 Points] locofloco:

The key length is not the problem. It's about the implementation which generates those keys. So if you don't use software based on Infineon's implementation you can be pretty sure that your key is still safe. Even with 2048 as the key length.

Well for DN stuff 4096 keys are mandatory in my opinion, but for daily use (for example if you're using a Yubikey which is not capable of a high key length) it's still pretty safe to use 2048 keys. Especially if you've used open-source implementations like gnupg or similar.

Edit: ah, wanted to answer the other thread and missed it :(


[2 Points] locofloco:

Well this is some good FUD. The Twitter link is without any proof. The second article just says that specific implementations are broken (the implementation coming from Infineon, specifically hardware-based key generation like smartcards or TPMs), not the key length itself.


[-1 Points] fJGaWYnYDb8VYS7u:

Completely broken

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

It means that if you have a document digitally signed with someone's private key, you can't prove it was really them who signed it. Or if you sent sensitive data encrypted under someone's public key, you can't be sure that only they can read it. You could now go to court and deny that it was you that signed something—there would be no way to prove it, because theoretically, anyone could have worked out your private key.