If you want to see raised eyebrows, just say “unbreakable crypto”. Yet everyone assumes their use of crypto is “unbreakable”. Security experts know it’s safe to reject “unbreakable systems” out of hand, but they often rely on the unbreakability of security protocols day in, day out.
Continue reading ROCA details published – taste of quantum cryptography →
We have reasonable grounds to believe that all Gemalto IDPrime .NET smart cards generate weak RSA keys vulnerable to the recently published ROCA vulnerability (CVE-2017-15361, VU#307015). Gemalto stopped selling these cards in September 2017, but there are large numbers of cards still in use in corporate environments. Their primary use is in enterprise PKI systems for secure email, VPN access, and so on.
Continue reading ROCA vulnerability impact on Gemalto IDPrime .NET smart cards →
I wrote about the ROCA vulnerability yesterday. It affects Infineon security chips used in TPMs and smart cards. While it is easy to identify TPM modules and computers using them, smart cards are more difficult.
Continue reading ROCA vulnerability and Axalto / Gemalto .NET v2 smartcards →
Looking back, we can find many examples of errors in the algorithms used to create encryption keys. Not very many of them, however, were found in chips designed and sold as high-security devices for email signing, verifying software integrity, VPN access, or citizen e-ID cards.
Continue reading ROCA – Critical vulnerability in Infineon security chips →
As I was collecting reliability data for several PKI systems, I included Let’s Encrypt as it’s by far the biggest PKI system I was aware of. It provides its status data and its history at https://letsencrypt.status.io and here’s my informal analysis of its production systems.
Continue reading Let’s Encrypt uptime is 99.9% — or 98.8% without defects in 2017 →
"Any sufficiently advanced technology is indistinguishable from magic." A. C. Clarke