Infineon: Insecure Encryption – Despite Certificate from the Federal Office

Infineon chips in identity cards, laptops and crypto hardware are insecure. The piquant detail: the products were certified by the Federal Office for IT Security.


Estonia is considered a pioneer of digitisation. A smart card on Estonian identity cards can be used, among other things, to handle many dealings with the authorities electronically. Citizens can also take part in elections online with their ID card.

The core of the Estonian identity card is a chip that implements various encryption functions and comes from the Munich company Infineon. But there is now a problem with this chip: researchers from the Czech Republic and Slovakia want to show at a conference in November how its encryption can be cracked with reasonable effort.

But the security problem is even bigger, because the same encryption system is used in many other products, including so-called TPM chips, which are built into many modern laptops and are used there for Windows file system encryption, and Yubikeys, which are hardware encryption modules for the USB port. The identity cards of Slovakia are also based on the corresponding Infineon hardware.

    Infineon wants to have a thorough examination

The Federal Office for Security in Information Technology (BSI) is responsible for this disaster – that is, the authority that is supposed to provide security for the IT infrastructure in Germany. In developing the encryption, Infineon apparently relied on the BSI's certification and did not otherwise test the security of its own product. Or at least not thoroughly enough.

In Infineon's official statement, this sounds different. According to it, a method was used whose foundations were developed in 2000 and which went into use only ten years later, after thorough review.

The encryption in question is the so-called RSA procedure. The abbreviation stands for its inventors Rivest, Shamir and Adleman. With RSA itself there is no problem; it is one of the most common encryption algorithms and is used in many places. The error lay in the generation of the RSA keys.

Beginner's mistake: inventing your own crypto solution

To generate an RSA key, you need two large, randomly chosen prime numbers. It is important that these prime numbers remain secret and cannot be guessed by an attacker. A simple and safe method is to randomly generate large numbers and then check whether each one is a prime number. But this method has a disadvantage: it is not very fast. Infineon apparently.

That is why the company developed its own process. The exact details are not public, but from all that is known, apparently only very special prime numbers were selected. This makes the whole process insecure, because an attacker only has to try a limited number of prime numbers.

In most cases, this would not be exactly cheap – the discoverers estimate the cost at about 20,000 to $40,000 per attacked key if one were to buy the necessary computing power from Amazon's cloud service AWS. But the impact would be enormous. Affected keys can now be replaced, but anything that was encrypted in the past is potentially insecure and can be cracked by a sufficiently well-funded attacker. In some cases, the hardware must also be replaced. Not to mention the damage to the image of Infineon, the BSI and the "encryption location number one" that the grand coalition had conjured up in its digital agenda.

    Date Of Update: 20 October 2017, 12:03