It was reported yesterday that millions of high-security crypto keys could have been crippled by a newly discovered flaw.
A crippling flaw in a widely used code library, developed by German chipmaker Infineon has fatally undermined the security of millions of encryption keys. Jon Geater, CTO, Thales eSecurity provides an insight on this news below.
Jon Geater, CTO at Thales eSecurity:
“While the effects of this latest flaw are concerning, it’s interesting to note that this is far from the first time it’s happened. Generating high quality signing keys from high quality entropy and key generation processes is absolutely fundamental, especially in large scale systems where lots of public keys are available to sample.
“It was a similar problem that Sony’s Playstation software download system suffered in 2010, and exactly what happened to the Taiwan National ID registry in 2013. In the Taiwan case the paper by Bernstein et al was even called “Factoring RSA keys from certified smart cards”…not too far from 2017’s “factoring RSA keys from certified TPMs” is it?
“The bottom line is that crypto is harder than it looks. It’s important to employ experts and use quality specialist equipment to generate, store and use your keys.”
