Well, here come more practical applications of electronic documents

Jan 04, 2014 04:14

I enjoyed speculating about this in the first half of the 2000s. And now I enjoy seeing it play out in real life. What is wrong with electronic documents like these? Once the system has been broken a single time, it is impossible to establish that a break-in happened. For example, with other people's data in hand, one can churn out completely legitimate documents. There is simply no way to tell two documents apart electronically. That is a serious difference from paper ones =). And it is the most serious drawback.

An attacker can efficiently factor at least 184 distinct 1024-bit RSA keys from Taiwan's national "Citizen Digital Certificate" database. The big story here is that these keys were generated by government-issued smart cards that were certified secure. The certificates had all the usual buzzwords: FIPS certification from NIST (U.S. government) and CSE (Canadian government), and Common Criteria certification from BSI (German government).

[The Ministry of the Interior Certificate Authority (MOICA) of Taiwan began deploying Citizen Digital Certificate smart cards in 2003. There are at least three different generations of MOICA smart cards: At first MOICA was using cards from Giesecke and Devrient. MOICA has never issued cards valid for more than eight years, so all of these cards will expire soon if they have not expired already. / Around 2006-2007 MOICA switched to Chunghwa Telecom, specifically the Chunghwa Telecom HICOS PKI smart card, using 1024-bit RSA keys. These cards are the subject of the SmartFacts research. / Around 2011 MOICA switched to a newer version of the Chunghwa Telecom HICOS PKI smart card, using 2048-bit RSA keys. (here)]

These 184 keys include 103 keys that share primes and that are efficiently factored by a batch-GCD computation. This is the same type of computation that was used last year by two independent teams (USENIX Security 2012: Heninger, Durumeric, Wustrow, Halderman; Crypto 2012: Lenstra, Hughes, Augier, Bos, Kleinjung, Wachter) to factor tens of thousands of cryptographic keys on the Internet.

The remaining 81 keys do not share primes. Factoring these 81 keys requires taking deeper advantage of randomness-generation failures: first using the shared primes as a springboard to characterize the failures, and then using Coppersmith-type partial-key-recovery attacks. This is the first successful public application of Coppersmith-type attacks to keys found in the wild.
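The shared-prime check described in the quoted text, as an added example (not code from this post or from the SmartFacts authors): a batch-GCD audit that a certificate issuer could run over the RSA moduli it has issued, built on a product tree and a remainder tree. The moduli are small constructed values and all function names are this example's own.

```python
from math import gcd, prod

def product_tree(moduli):
    """Levels of pairwise products: leaves first, product of everything last."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels

def batch_gcd(moduli):
    """For each N_i return gcd(N_i, product of all the other moduli)."""
    levels = product_tree(moduli)
    rems = levels.pop()                      # root: P = N_1 * ... * N_k
    while levels:
        cur = levels.pop()
        # Remainder tree: each child keeps (parent remainder) mod child^2.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(cur)]
    # rems[i] == P mod N_i^2, so rems[i] // N_i == (P / N_i) mod N_i.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit(moduli):
    """Map index -> (p, q) for every modulus sharing a prime with another."""
    weak = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if 1 < g < n:                        # exactly one prime is shared
            weak[i] = tuple(sorted((g, n // g)))
        elif g == n:                         # both primes shared elsewhere
            for j, m in enumerate(moduli):   # fall back to pairwise GCDs
                h = gcd(n, m)
                if j != i and 1 < h < n:
                    weak[i] = tuple(sorted((h, n // h)))
                    break                    # exact duplicates yield no factor
    return weak

# Constructed toy moduli (real keys are 1024-bit or larger).
SAMPLE = [
    1009 * 1013, 1009 * 1019, 1013 * 1019,   # three keys sharing primes pairwise
    1021 * 1031, 1021 * 1033,                # two keys sharing one prime
    1039 * 1049,                             # no shared prime
]

if __name__ == "__main__":
    for idx, factors in sorted(audit(SAMPLE).items()):
        print(f"modulus #{idx} = {SAMPLE[idx]} shares a prime: {factors}")
```

Any key the audit reports must be revoked and reissued, since a shared prime means its private key is recoverable from public data alone.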

More details on the site: http://smartfacts.cr.yp.to/

Via a tip from grey_olli

weak cryptography
