rsa   2206


Golang RSA Key Generation
generate rsa golang example
rsa  kayato  #app 
7 weeks ago by lunch
Bad RSA Library Leaves Millions of Keys Vulnerable | Hackaday
So, erm… good news everyone! A vulnerability has been found in a software library responsible for generating RSA key pairs used in hardware chips manufactured by Infineon Technologies AG. The vulnerability, dubbed ROCA, allows for an attacker, via a Coppersmith’s attack, to compute the private key starting with nothing more than the public key, which pretty much defeats the purpose of asymmetric encryption altogether.

Affected hardware includes cryptographic smart cards, security tokens, and other secure hardware chips produced by Infineon Technologies AG. The library with the vulnerability is also integrated in authentication, signature, and encryption tokens of other vendors and chips used for Trusted Boot of operating systems. Major vendors including Microsoft, Google, HP, Lenovo, and Fujitsu already released software updates and guidelines for mitigation.

The following key length ranges are now considered practically factorizable (time complexity from hours to 1000 CPU years at maximum): 512 to 704 bits, 992 to 1216 bits and 1984 to 2144 bits. Note that a 4096-bit RSA key is not practically factorizable now, but may become so if the attack is improved.

The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):

512 bit RSA keys – 2 CPU hours (the cost of $0.06);
1024 bit RSA keys – 97 CPU days (the cost of $40-$80);
2048 bit RSA keys – 140.8 CPU years (the cost of $20,000 – $40,000).
encryption  pki  tpm  cybersecurity  vulnerability  crypto  keylength  rsa  hack 
10 weeks ago by bwiese
Virtual Session: The 5 Most Dangerous New Attack Techniques, and What's Coming Next - YouTube
ICS Opportunistic (general malware that got into control networks)
- Conficker, Petya/NotPetya, BlackEnergy3
ICS Themed (malware to get ICS access, targeting control engineers)
- Dragonfly 2.0
ICS Tailored-Access (ICS exploits and capabilities on control systems)
- BlackEnergy2, Havex Dragonfly 1.0
ICS Tailored-Effects (interact with ICS to cause damage and destruction)
- Stuxnet, Crashoverride
ics  coinjacking  cybersecurity  rsa 
10 weeks ago by bwiese
Managing Multiple SSH RSA Keys - Serverlab
Using SSH Config to Manage Multiple Keys
A more elegant approach with having multiple keys is to create a config file for SSH. Within this file, we can specify which server or servers will use a particular key. Once you have populated the configuration file with servers and their keys, you can simply type SSH with the server name and not have to worry about specifying a key.
ssh  rsa  keys  multiple  multi  servers  config  pub  public  id_rsa 
12 weeks ago by 44sunsets
RSA SecurID Compromise Is of Concern, but Likely Not a Fatal Flaw
might enable an attacker to determine the shared secret of any particular token that is used to generate an OTP. However, this alone doesn't enable a direct attack. To successfully simulate an authentic OTP, an attacker would need to know two additional variables that are under control of the customer organization, PINs and user-token mappings.
rsa  securid  cybersecurity  gartner 
may 2018 by bwiese
RSA Compromise: Impacts on SecurID | Secureworks
On March 17, 2011, RSA announced [1] that a cyberattack on its systems was successful and resulted in the compromise and disclosure of information "specifically related to RSA's SecurID two-factor authentication products". While the full extent of the breach remains publicly undisclosed, RSA states that "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

However, seed secrecy is critical. An exposure of the seed to a third party may allow duplication of tokencodes, and by extension allow the guessing of PINs and one-time passwords.
rsa  secureid  compromise  2011  crypto 
may 2018 by bwiese
Defense contractor: “aggressive action” kept cyberattackers at bay | Ars Technica
Lockheed Martin issued a statement over the weekend saying that it was the target of a "significant and tenacious" attack against its computer systems on May 21. The company claims that the attack was detected "almost immediately" and that thanks to "aggressive action" by its information security team, no customer, program, or employee data was compromised.
rsa  lockheedmartin  2011  cybersecurity 
may 2018 by bwiese
RSA finally comes clean: SecurID is compromised | Ars Technica
RSA Security will replace virtually every one of the 40 million SecurID tokens currently in use as a result of the hacking attack the company disclosed back in March. The EMC subsidiary issued a letter to customers acknowledging that SecurID failed to protect defense contractor Lockheed Martin, which last month reported a hack attempt.

the reason RSA had not disclosed the full extent of the vulnerability was because doing so would have revealed to the hackers how to perform further attacks. RSA's customers might question this reasoning; the Lockheed Martin incident suggests that the RSA hackers knew what to do anyway—failing to properly disclose the true nature of the attack served only to mislead RSA's customers about the risks they faced.
2011  rsa  secureid  lockheedmartin  compromise 
may 2018 by bwiese
