Slashdot Mirror


Flaw Crippling Millions of Crypto Keys Is Worse Than First Disclosed (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: A crippling flaw affecting millions -- and possibly hundreds of millions -- of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA—named for the Return of the Coppersmith Attack the factorization method is based on—have largely downplayed the severity of the weakness.

On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they developed an attack that was 25 percent more efficient than the one created by the original ROCA researchers. The new attack was solely the result of Bernstein and Lange based only on the public disclosure information from October 16, which at the time omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well.

4 of 76 comments

  1. Re:Organizations known to use keys vulnerable to R by thomst · Score: 5, Informative

    List please? Or is this going to be another one of those things?

    Well, according to the authors' preprint version of the actual paper, there are quite a few software implementations of RSA-based encryption that are vulnerable - PGP among them.

    If you'd prefer the authors' summary version, you'll find it here.

    --
    Check out my novel.
  2. Online voting in Estonia by Anonymous Coward · Score: 4, Informative

    Estonia has online voting using these ids. It's also been heavily cyber and social attacked by neighboring Russia. So the democracy is at risk as long as they continue to allow online voting using ids with unknown flaws:

    https://estoniaevoting.org/press-release/

    "Estonia is the only country in the world that relies on Internet voting in a significant way for national elections. The system is currently used for Estonia’s national parliamentary elections, municipal elections and is planned to be used for the May 2014 European Parliamentary elections. In recent polls, 20-25% of voters cast their ballots online."

    "In one [simulated by security experts critical of the system] attack, malware on the voter’s computer silently steals votes, despite the systems’ use of secure national ID cards and smartphone verification. A second kind of attack smuggles vote-stealing software into the tabulation server that produces the final official count. The team produced videos in which they carry out exactly the same configuration steps as election officials — but with the system under attack by a simulated state-level adversary. Everything appears normal, but the final count produces a dishonest result."

    The big wake-up call for them was a cyber attack by Russia in 2007:
    https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia

    BTW, Trump has ignored the deadline to impose sanctions against Russia for its cyber attack, and simply hasn't implemented them.

  3. Re:Organizations known to use keys vulnerable to R by plover · Score: 5, Informative

    What you can do is submit your public key to an online checker, like https://keytester.cryptosense.... and see if it's vulnerable.

    --
    John
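The check plover describes can also be run locally without sending the key anywhere, since it needs only the public modulus. The following is an added example, not code from the thread, from the ROCA researchers or from any online tester: it implements the public-key fingerprint described in the ROCA paper (the affected generator builds each prime as `k*M + (65537^a mod M)` with `M` a product of small primes, so `N mod r` always lands in the subgroup generated by 65537 for every small prime `r` dividing `M`). The prime set 3..167, the Miller-Rabin helper and the two constructed test moduli are my own choices for the demonstration; nothing here factors a key.

```python
"""Offline ROCA fingerprint test for an RSA public modulus (added example).

Background, per the ROCA paper's description of the affected generator:
each RSA prime has the form
    p = k * M + (65537 ** a mod M),   M = product of many small primes,
so for every small prime r dividing M, p mod r is a power of 65537 mod r, and
N = p * q mod r lies in the cyclic subgroup of (Z/rZ)* generated by 65537.
A modulus built from properly chosen primes fails that membership test for at
least one r with overwhelming probability. This is the public-key-only check
that online testers perform; it does not (and cannot by itself) factor N.
"""

# Assumption for this demo: the odd primes 3..167 form the test set.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
                67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131,
                137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537  # the value the affected generator raises to a power


def subgroup(r):
    """Residues mod r reachable as 65537**i mod r (the subgroup <65537>)."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % r
    return seen


SUBGROUPS = {r: subgroup(r) for r in SMALL_PRIMES}


def has_roca_fingerprint(n):
    """True if n mod r is in <65537> for every small prime r, i.e. n looks
    like a product of ROCA-style primes. False rules the generator out;
    True means the key very likely came from it and should be replaced."""
    return all(n % r in SUBGROUPS[r] for r in SMALL_PRIMES)


# --- Constructed test vectors so the check can be exercised offline ---------

def is_probable_prime(n):
    """Miller-Rabin with fixed small bases; ample for demo-sized inputs."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


M = 2
for _r in SMALL_PRIMES:
    M *= _r  # primorial-style M, mirroring the affected generator's structure


def roca_style_prime(a, k_start):
    """Constructed test vector: smallest k >= k_start with k*M + 65537**a mod M
    prime. It mimics the structure of the affected primes for the demo only."""
    rem = pow(GENERATOR, a, M)
    k = k_start
    while not is_probable_prime(k * M + rem):
        k += 1
    return k * M + rem


def ordinary_prime(start):
    """Constructed test vector: first probable prime >= start, no structure."""
    n = start | 1
    while not is_probable_prime(n):
        n += 2
    return n


if __name__ == "__main__":
    weak = roca_style_prime(5, 1 << 40) * roca_style_prime(11, 1 << 41)
    good = ordinary_prime(1 << 255) * ordinary_prime(1 << 256)
    print("ROCA-structured modulus flagged:", has_roca_fingerprint(weak))
    print("ordinary modulus flagged:       ", has_roca_fingerprint(good))
```

To test a real key, extract the modulus with `openssl rsa -pubin -in pub.pem -noout -modulus`, convert the hex string with `int(hexstr, 16)` and pass it to `has_roca_fingerprint`. A True result is a strong signal that the key was produced by the affected generator and should be revoked and regenerated elsewhere; a False result only says the key does not carry this particular fingerprint.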
  4. Re:Organizations known to use keys vulnerable to R by paavo512 · Score: 3, Informative

    All PCs are insecure, whether used with card readers or not.

    That's why in Estonia you can double-check via a physically independent channel (smartphone app) that your vote reached the server correctly. Worked fine for me at the recent elections.