Infineon E-ID kaarten nu ook insecure, België geïmpacteerd?

Ander nieuws dat te maken heeft met topics die op userbase kunnen besproken worden
Plaats reactie
ubremoved_2964
Elite Poster
Elite Poster
Berichten: 5295
Lid geworden op: 12 jan 2006, 14:25
Uitgedeelde bedankjes: 65 keer
Bedankt: 387 keer

https://it.slashdot.org/story/17/10/16/ ... vered-flaw
The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.
En dan deze:

https://www.esat.kuleuven.be/cosic/publ ... le-769.pdf

België gebruikt ook infineon als merk van chipkaart.
It is the smart card initializer that starts the key pair generations during the initialisation phase of the eID card. The smart cards are produced by Infineon (chip type SLE66CX322P) and are equipped with the JavaCard operating system of Axalto.
Zijn er crypto experten hier die meer weten?
lembregtse
Starter Plus
Starter Plus
Berichten: 28
Lid geworden op: 21 jan 2010, 21:49
Uitgedeelde bedankjes: 1 keer
Bedankt: 6 keer

Je kan je authenticatie en teken certificaat testen op https://keychest.net/roca.

Ik heb de mijne getest en die werden niet als kwetsbaar aanzien, waarschijnlijk zijn ze ondertussen dan van leverancier veranderd, aangezien je link spreekt over:
Currently, Belgium is introducing an electronic version of its identity card.
Dit lijkt me al redelijk oud.
Plaats reactie

Terug naar “Ander nieuws”