The vulnerability in question: *The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli* https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf

Estonian ID card uses 2048 byte keys, which means generating a private key from a public key takes 140.8 CPU years, which is quite fast/trivial/cheap using a distributed approach (botnet, your already existing HW that you use for mining, etc.), considering the implications.

https://www.schneier.com/blog/archives/2017/09/security_flaw_i.html

Official announcement: https://www.valitsus.ee/en/news/estonia-will-block-certificates-760-000-id-cards-evening-3-november

It was claimed that software for cracking the private keys has entered the black market, so they had to block the certificates earlier than expected.

> As of October 31, all users of faulty ID cards can update their security certificates remotely and at Estonian police and border guard service points.

I have been trying every day to do so but am constantly getting "server is overloaded" errors.

>ID Card is compulsory

>760,000 ID cards will be blocked

>in country of 1.3 million

>I have no idea how I can declare monthly VAT numbers

It is bad but could be worse. People are signing up for MobileID and it is still possible to update ID cards by going to the office.

But poor people abroad. Basically they will be cut off from all the services.