Differences
This shows you the differences between two versions of the page.
public:papers:rsa_ccs17 [2018-01-24 08:19] – [ROCA: Vulnerable RSA generation (CVE-2017-15361)] xsvenda | public:papers:rsa_ccs17 [2018-04-04 07:39] – [Description of the vulnerability] xsvenda | ||
---|---|---|---|
Line 27: | Line 27: | ||
* 2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 - $40,000). | * 2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 - $40,000). | ||
- | The vulnerability was found by a close inspection of a large number of RSA keys generated and exported from the manufacturer smartcards by researchers at CRoCS laboratory, Masaryk University, Enigma Bridge and Ca' Foscari University. The full results | + | The vulnerability was found by a close inspection of a large number of RSA keys generated and exported from the manufacturer smartcards by researchers at CRoCS laboratory, Masaryk University, Enigma Bridge and Ca' Foscari University. The full results |
- | The vulnerability was disclosed to Infineon Technologies AG, following the responsible disclosure principle, in the first week of February with agreement of an 8 month period before a public disclosure. We cooperated with the manufacturer and other affected parties to help evaluate and mitigate this vulnerability during this period. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. We are now notifying general public and releasing tools for assessmnet | + | The vulnerability was disclosed to Infineon Technologies AG, following the responsible disclosure principle, in the first week of February with agreement of an 8 month period before a public disclosure. We cooperated with the manufacturer and other affected parties to help evaluate and mitigate this vulnerability during this period. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. We are now notifying general public and releasing tools for assessment |
===== Impact ===== | ===== Impact ===== |
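Review bot: The disclosure paragraph on the revised side still says "in the first week of February" without a year, so a reader of this 2018 revision cannot tell which February the 8 month period is counted from. Suggest stating the year explicitly. While touching this paragraph for the "assessmnet" typo, the remaining grammar slips could be fixed in the same edit: "already released the software updates and guidelines for a mitigation" reads better as "have already released software updates and mitigation guidelines", and "notifying general public" needs "the". The unchanged line above also has a stray comma before the parenthesis in "140.8 CPU years, (the cost of".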