<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 06/26/2012 07:06 AM, Fabian Bertholm wrote:
<blockquote
cite="mid:CADEEoSdA1j5dNpaKbVqBdQ7ThsgG56_BVA20=b6STN7Ooe_yvA@mail.gmail.com"
type="cite">
<pre wrap="">Hi,
I am not sure what the implications will be but I think the redhat PKI
system is at least using the same hardware.
You should read this paper.
<a class="moz-txt-link-freetext" href="http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf">http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf</a>
What does this mean for us as users?</pre>
</blockquote>
<br>
The following response was provided by Robert Relyea:<br>
<blockquote>For most token users, nothing. The researchers have not
extracted the RSA private key, they extracted a symmetric key that
is encrypted to the private key on the token. In environments
where the token does not support decrypt, and operate on FIPS
level-3 or above, this is big news, but for deployments which use
a basic "RSA-op" function, not even separate Sign/Decrypt
functions, you can simply decrypt the blob and get the symmetric
key.<br>
<br>
The paper is definitely worthy of attention, but for most
deployments it will have little or no impact.<br>
</blockquote>
<br>
<blockquote
cite="mid:CADEEoSdA1j5dNpaKbVqBdQ7ThsgG56_BVA20=b6STN7Ooe_yvA@mail.gmail.com"
type="cite">
<pre wrap="">
Best regards,
Fabian Bertholm
_______________________________________________
Pki-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-users@redhat.com">Pki-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-users">https://www.redhat.com/mailman/listinfo/pki-users</a>
</pre>
</blockquote>
<br>
</body>
</html>