Re: How to detect RSA keys that are weak?

From: Francois Grieu <fgrieu@xxxxxxxxx>
Date: Fri, 10 Dec 2010 12:11:30 +0100

On 09/12/2010 23:23, Mark Wooding wrote:

Francois Grieu <fgrieu@xxxxxxxxx> writes:

On 01/12/2010 11:14, Mark Wooding wrote :

Software and firmware with FIPS 140--2 certificates can and does
have bugs, even security critical ones. Even stupid cryptographic
blunders. I know: I've found them, fixed them, issued security
advisories for them. There really isn't a silver bullet here.

For our enjoyment/nosiness, any example? Knowing where others
failed helps; and I just love such anecdotes.

I'd dearly love to share these war stories, but I'd be breaking
confidences if I gave too many details. All of nCipher's security
advisories were posted to Bugtraq and should be in the archives; several
of them apply directly to the module firmware.

Some googling later, I unearthed a public list of advisories
from 2006 with indeed spectacular blunders:
http://web.archive.org/web/20061209124112rn_1/www.ncipher.com/resources/security_advisories/

Relevant to this thread we have for example

Insecure Generation of Diffie-Hellman keys
http://www.securityfocus.com/archive/1/427146

Presence of flaws in firmware security
http://www.securityfocus.com/archive/1/427151

Quick googling failed to find similar public advisories after
2006 OR from any other HSM manufacturer. The practice in this
field is obscurity.

Francois Grieu
.

Follow-Ups:
- Re: How to detect RSA keys that are weak?
  - From: Nomen Nescio

References:
- How to detect RSA keys that are weak?
  - From: Mok-Kong Shen
- Re: How to detect RSA keys that are weak?
  - From: Maaartin
- Re: How to detect RSA keys that are weak?
  - From: Mok-Kong Shen
- Re: How to detect RSA keys that are weak?
  - From: Pubkeybreaker
- Re: How to detect RSA keys that are weak?
  - From: Pubkeybreaker
- Re: How to detect RSA keys that are weak?
  - From: Mark Wooding
- Re: How to detect RSA keys that are weak?
  - From: Francois Grieu
- Re: How to detect RSA keys that are weak?
  - From: Mark Wooding

Prev by Date: Re: Protocol for password based mutual certificate exchange?
Next by Date: Cryptanalysis of Skein
Previous by thread: Re: How to detect RSA keys that are weak?
Next by thread: Re: How to detect RSA keys that are weak?
Index(es):
- Date
- Thread

Relevant Pages

Re: Update utility
... >> I usually do a cvsup to update the list of the ports tree, ... Below is from a post to security@. ... >> facilitates security patch updating on FreeBSD. ... >> advisories, easy setup and use of CVSUP for source and ports tree ...
(freebsd-questions)
Re: [Full-Disclosure] Secunia Advisory: URL Spoofing
... we do not want to take credit from anyone; ... appreciate the work done by everyone in the security community. ... We will change certain parts of our advisories no later than next week ... By exploiting this vulnerability, known as a URL-spoofing ...
(NT-Bugtraq)
Re: [Full-Disclosure] Secunia Advisory: URL Spoofing
... we do not want to take credit from anyone; ... appreciate the work done by everyone in the security community. ... We will change certain parts of our advisories no later than next week ... By exploiting this vulnerability, known as a URL-spoofing ...
(Full-Disclosure)
Re: SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure
... 2000@stake modified their Bugtraq postings to include a small amount ... website only and not serve as content for for-profit advertising supported ... grounds that it contained minimal security information. ... Symantec should post its full advisories to ...
(Bugtraq)
Re: Individual consumers left out in the cold with Microsoft Security Advisories?!
... Microsoft to sound early alert for flaws ... Microsoft will introduce a security advisory service on Tuesday ... "Our advisories will allow us to communicate about more things than ...
(microsoft.public.windowsxp.general)