[147636] in cryptography@c2.net mail archive
[Cryptography] Broken RNG renders gov't-issued smartcards easily
daemon@ATHENA.MIT.EDU (Ray Dillinger)
Fri Oct 11 13:46:55 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 11 Oct 2013 10:38:20 -0700
From: Ray Dillinger <bear@sonic.net>
To: cryptography@metzdowd.com
In-Reply-To: <52571A15.2060606@sonic.net>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Saw this on Arstechnica today and thought I'd pass along the link.
http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/2/
More detailed version of the story available at:
https://factorable.net/paper.html
Short version: Taiwanese Government issued smartcards to citizens.
Each has a 1024 bit RSA key. The keys were created using a borked
RNG. It turns out many of the keys are broken, easily factored,
or have factors in common, and up to 0.4% of these cards in fact
provide no encryption whatsoever (RSA keys are flat out invalid,
and there is a fallback to unencrypted operation).
This is despite meeting (for some inscrutable definition of "meeting")
FIPS 140-2 Level 2 and Common Criteria standards. These standards
require steps that were clearly not done here. Yet, validation
certificates were issued.
Taiwan is now in the process of issuing a new generation of
smartcards; I hope they send the clowns who were supposed to test
the first generation a bill for that.
Bear
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
