

Factoring RSA keys from certified smart cards - pedro84
http://smartfacts.cr.yp.to/

======
zokier
> MOICA estimates that approximately 10000 cards were deployed in non-FIPS
> mode as a result of "human error".

While it's bit silly that the so called secure cards can be configured into
non-secure modes, I think it's important to note that again we have the human
factor messing our nice cryptosystems. The security of the FIPS mode might be
questionable too due the behaviour of the HW RNG, it should still improve the
security significantly over the non-FIPS mode which was the one found broken
in this analysis.

~~~
mikeash
It's an excellent lesson in real-world security. Humans are a weak factor, so
design accordingly. Whenever possible, do not even allow an insecure
configuration of a system. When that's not practical, do whatever you can to
at least default to a secure configuration.

~~~
fleitz
More generally known as Murphy's Law. It's invaluable in writing software, and
practically anything that will ever be used.

If you can't make it not go wrong, the second best thing you can do is make it
apparent that something has gone wrong.

------
kolun
I got one for filing tax report. Is there a way for an non-expert like me to
tell whether the one I have is vulnerable to attack?

~~~
zokier
For this specific case checking the key length would be the first step. In the
study afaik only 1024bit keys were found to be broken.

~~~
andrewcooke
which are from green cards. no keys from red/pink cards have been broken
(yet).
[http://smartfacts.cr.yp.to/faq.html](http://smartfacts.cr.yp.to/faq.html)

------
tikums
Dan Goodin from Ars Technica shares more details about the paper:

[http://arstechnica.com/security/2013/09/fatal-crypto-flaw-
in...](http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-
government-certified-smartcards-makes-forgery-a-snap/)

------
jlgaddis
I'm curious why they chose these particular cards. Cards from Gemalto seem
like a more obvious choice (to me).

