[cryptography] Fatal flaw in Taiwanese smart card RNG

John Kemp john at jkemp.net
Mon Sep 16 12:10:24 EDT 2013


See:

http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/

for overview, and:

http://smartfacts.cr.yp.to/

for more details of the research.

Would it be advisable to implement a test, prior to any certification of an RNG, whereby some large number of keys are created and tested using a set of 3 or 4 known algorithms (such as those used in this paper) for breaking keys?

Cheers,

- johnk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130916/d2618cc0/attachment.html>


More information about the cryptography mailing list