Re: Security advisory for YubiKey 4: RSA generation broken
On 10/16/2017 09:13 PM, Yves-Alexis Perez wrote:
> On Mon, 2017-10-16 at 21:06 +0200, Christian Seiler wrote:
>> Unfortunately, as far as I understand it, there's no easy method for
>> detecting these kinds of broken keys without actually attempting to
>> factorize them - and while that's feasible (hence the vulnerability)
>> it is still quite expensive - so there is currently no easy method of
>> scanning through the Debian keyring for affected keys.
>
> Actually that's wrong, the generation process leaves “fingerprints” which can
> be used to identify keys. See for example:
>
> https://keychest.net/roca
> https://github.com/crocs-muni/roca
>
> These tools have been used to identify three vulnerable (sub)keys in the
> Debian keyring (this is already been taken care of).
Oh, fantastic, thanks!
Regards,
Christian
Reply to: