Flaw crippling millions of crypto keys is worse than first disclosed | Ars Technica

Link articolo originaleArchivio di tutti i clip: <a href="http://clips.quintarelli.it">clips.quintarelli.it (Notebook di Evernote).Flaw crippling millions of crypto keys is worse than first disclosed Estonia abruptly suspends digital ID cards as crypto attacks get easier and cheaper. Dan Goodin - 11/6/2017, 11:10 PM Enlarge A digital identity card issued by the Republic of Estonia. Republic of Estonia, Interior Department A crippling flaw affecting millions—and possibly hundreds of millions—of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents.The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to br[...]

Articoli correlati

Lascia un Commento

L'indirizzo email non verrà pubblicato. I campi obbligatori sono contrassegnati *

È possibile utilizzare questi tag ed attributi XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>