0xReki's Adventures


Cryptographic Meltdown on Monday

published on 2017-10-16 written by 0xReki
Paranoia, KRACK, WPA2, RSA, Infineon, ROCA

This is such a great start for the week… Not!

WPA2 can be attacked - all platforms are vulnerable. While the 4-way handshake used in WPA2 is mathematically proven to be safe, the software is not safe. KRACK just uses some tricks to void the encryption. Their page explains everything; they even have a FAQ!

My favorite question from the FAQ:

Should I temporarily use WEP until my devices are patched?
NO! Keep using WPA2.

I had just come to terms with the WPA2 disaster when the next bomb dropped: Vulnerabilities in RSA Generation. Since every news item on it featured digital passports from Estonia, and to be honest digital passports are badly implemented everywhere and people still don’t care, it shouldn’t be that big a deal.

But upon reading the article, the rabbit hole became quite deep: everything that uses a certain version of the Infineon RSA library created keys that are easily factorisable. Oh, that library is also used on some cryptography hardware. You wanted to use some hardware so your key is better/safer/etc.? Chances are you might have used that library and have a very weak key now. I’ll just refer to Infineon’s page on the TPM update.

EDIT 2016-10-17: Some YubiKeys are affected, too. Good thing they have a ROCA online test tool that you can use to check your keys.

EDIT 2017-11-08: The situation got even worse
