科技回声

9 条评论

tauntz超过 7 年前

The vulnerability in question: *The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli∗ <a href="https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf" rel="nofollow">https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs...</a>Estonian ID card uses 2048 byte keys which means generating a private key from a public key takes 140.8 CPU years which is quite fast/trivial/cheap using a distributed approach (botnet, your already existing HW that you use for mining etc).. considering the implications.<a href="https://www.schneier.com/blog/archives/2017/09/security_flaw_i.html" rel="nofollow">https://www.schneier.com/blog/archives/2017/09/security_flaw...</a>

评论 #15618774 未加载

emerongi超过 7 年前

Official announcement: <a href="https://www.valitsus.ee/en/news/estonia-will-block-certificates-760-000-id-cards-evening-3-november" rel="nofollow">https://www.valitsus.ee/en/news/estonia-will-block-certifica...</a>It was claimed that software for cracking the private keys has entered the black market, so they had to block the sertificates earlier than expected.

评论 #15618853 未加载

jackvalentine超过 7 年前

> As of October 31, all users of faulty ID cards can update their security certificates remotely and at Estonian police and border guard service points.I have been trying every day to do so but constantly getting “server is overloaded” errors.

paulajohnson超过 7 年前

Other governments take note: this is what good electronic security looks like.

评论 #15618023 未加载

评论 #15620248 未加载

评论 #15620768 未加载

评论 #15618002 未加载

DocG超过 7 年前

>ID Card is compulsory>760,000 ID cards will be blocked>in country of 1.3 million>I have no idea how I can declare monthly VAT numbersIt is bad but could be worse. People are signing up for MobileID and there is still possible to update ID cards via going to the office.But poor people abroad. Basically they will be cut off from all the services.

评论 #15618146 未加载

评论 #15618241 未加载

baccredited超过 7 年前

estonia id card question: can ANYONE create a website that uses the card to authenticate? Or is it a estonia whitelist of services only?

评论 #15618629 未加载

smcl超过 7 年前

Been trying with little luck to arrange my appointment to pick up my card from the local embassy - I guess this is why

askz超过 7 年前

And then, we'll discover that ecdsa is also vulnerable on these chips?

pjc50超过 7 年前

This is fallout from the Infineon private key weakness, isn't it?

评论 #15617971 未加载

评论 #15619110 未加载

9 条评论

tauntz超过 7 年前

评论 #15618774 未加载

emerongi超过 7 年前

评论 #15618853 未加载

jackvalentine超过 7 年前

paulajohnson超过 7 年前

Other governments take note: this is what good electronic security looks like.

评论 #15618023 未加载

评论 #15620248 未加载

评论 #15620768 未加载

评论 #15618002 未加载

DocG超过 7 年前

评论 #15618146 未加载

评论 #15618241 未加载

baccredited超过 7 年前

estonia id card question: can ANYONE create a website that uses the card to authenticate? Or is it a estonia whitelist of services only?

评论 #15618629 未加载

smcl超过 7 年前

Been trying with little luck to arrange my appointment to pick up my card from the local embassy - I guess this is why

askz超过 7 年前

And then, we'll discover that ecdsa is also vulnerable on these chips?

pjc50超过 7 年前

This is fallout from the Infineon private key weakness, isn't it?

评论 #15617971 未加载

评论 #15619110 未加载

Estonia blocks electronic ID cards over identity-theft risk

9 条评论

Estonia blocks electronic ID cards over identity-theft risk

9 条评论