Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mardi 17 octobre 2017

UPDATE RSA Key Generation Prone to Factorization Attack (CERT-EU Security Advisory 2017-023)

A vulnerability (CVE-2017-15361) in the procedure of RSA key generation used by a software library allows a practical factorization attack. As a result it is possible to compute the private part of an RSA key based only on its public part. The vulnerable library is used in cryptographic smartcards, security tokens, and other secure hardware chips manufactured by Infineon Technologies AG. An attack is feasible for commonly used key lengths - including 1024 and 2048 bits - and it affects chips manufactured as early as 2012.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 215

x

Événements SSI