View previous topic :: View next topic |
Author |
Message |
n05ph3r42 Tux's lil' helper
Joined: 11 Jul 2016 Posts: 134
|
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10589 Location: Somewhere over Atlanta, Georgia
|
Posted: Wed Nov 08, 2017 10:31 pm Post subject: |
|
|
This vulnerability is in the news because of a bug in a specific Infineon smartcard chip library, specifically in the code that makes random pseudo-primes as part of RSA private key generation and specifically in their SLE78 family of chips. If you're not using anything with that chip family, there's really not much to see here. Linux software key generation, at least with the well known security libraries, to my knowledge is not affected: openssl doesn't make vulnerable keys, nor does ssh-keygen.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
n05ph3r42 Tux's lil' helper
Joined: 11 Jul 2016 Posts: 134
|
Posted: Thu Nov 09, 2017 1:18 pm Post subject: |
|
|
Many TPM's affected. This mostly should warn its users. |
|
Back to top |
|
|
|