Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

[Jeffrey Walton <noloader () gmail com>]

On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk <noonslists () gmail com> wrote:
> From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html
>
> "Here's the postage stamp version: due to a perfect storm of (subtle,
> but not novel) cryptographic flaws, an attacker can extract sensitive
> keys from several popular cryptographic token devices. This is
> obviously not good, and it may have big implications for people who
> depend on tokens for their day-to-day security. [...] The more
> specific (and important) lesson for cryptographic implementers is: if
> you're using PKCS#1v1.5 padding for RSA encryption, cut it out.
> Really. This is the last warning you're going to get."
>
> Direct link to the paper:
> http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf - Efficient
> Padding Oracle Attacks on Cryptographic Hardware by Bardou, Focardi,
> Kawamoto, Simionato, Steel and Tsay
"RSA says that its tokens are secure,"
http://www.h-online.com/security/news/item/RSA-says-that-its-tokens-are-secure-1627326.html

After a significantly improved attack on crypto hardware made the
news, RSA's Sam Curry has said that the affected SecurID 800 token is
secure. The token has not been cracked, and the attack is not useful,
explained Curry, adding that the attack does not allow private RSA
keys to be extracted from the token.
...

[Wasn't RSA caught lying about their breach also? Didn't they claim
the phishing campaign was an APT?]
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.