Another recent big one, although this time the problem is in how Infineon Technologies implemented RSA key generation, not in the RSA algorithm itself. It is "big" because so many people use it: "ROCA: Vulnerable RSA generation (CVE-2017-15361)".
The root cause is that Infineon Technologies' key generation only draws from a limited set of combinations, so the keyspace an attacker has to search is much smaller.
By the researchers' estimate, the CPU years drop dramatically, all the way into the "feasible" range:
The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):
512 bit RSA keys - 2 CPU hours (the cost of $0.06);
1024 bit RSA keys – 97 CPU days (the cost of $40-$80);
2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 - $40,000).
And that is a CPU-year estimate; with FPGA acceleration it should be shorter still...
The timeline from discovery to disclosure was also stretched out quite a bit; you can see them spending the middle stretch looking for a fix:
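What a defender can do with this: keys from the affected generator share a mathematical fingerprint, because each prime was built as k*M + (65537^a mod M) for a primorial M, so the modulus N = p*q is always a power of 65537 modulo every small prime dividing M. The following check is an added example, not code from this post or from the ROCA researchers; `constructed_roca_style_modulus` builds a test input of that shape (p and q are not required to be prime for the check) and the prime list is assumed to be common to every affected M.

```python
# Added example (not from the original post): the ROCA fingerprint check.
# Infineon's generator built primes as p = k*M + (65537^a mod M), where M is a
# primorial (product of the first n primes, n depending on key size). Hence
# N = p*q satisfies N ≡ 65537^c (mod r) for every small prime r dividing M,
# which a randomly generated RSA modulus almost never does.  Stdlib only.
from functools import reduce

GENERATOR = 65537
# Small primes assumed common to every affected M; 2 is skipped (any odd N passes it).
PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67,
          71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139,
          149, 151, 157, 163, 167]


def powers_mod(r):
    """Subgroup {65537^i mod r}: the only residues a ROCA modulus can have mod r."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % r
    return seen


def has_roca_fingerprint(n):
    """True if n matches the fingerprint for every small prime (key likely affected)."""
    # n % r == 0 never lies in the subgroup, so a modulus with a tiny factor fails too.
    return all(n % r in powers_mod(r) for r in PRIMES)


def false_positive_rate():
    """Chance a modulus coprime to all PRIMES passes by accident: prod |subgroup|/(r-1)."""
    return reduce(lambda acc, r: acc * len(powers_mod(r)) / (r - 1), PRIMES, 1.0)


def constructed_roca_style_modulus(a, b, k1, k2):
    """Constructed test input: p and q in ROCA form (not necessarily prime)."""
    m = reduce(lambda acc, r: acc * r, PRIMES, 1)
    p = k1 * m + pow(GENERATOR, a, m)
    q = k2 * m + pow(GENERATOR, b, m)
    return p * q


if __name__ == "__main__":
    weak = constructed_roca_style_modulus(3, 5, 2, 7)
    print("constructed ROCA-style modulus:", has_roca_fingerprint(weak))
    print("unrelated odd integer:", has_roca_fingerprint(11 * 10**20 + 5))
    print("false-positive rate of this fingerprint: %.3g" % false_positive_rate())
```

To check a real public key, feed its modulus N (an integer) to `has_roca_fingerprint`; a match means the key should be treated as affected and replaced.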
2nd of November 2017 - Presentation of all details at the ACM CCS conference (to come)
16th of October 2017 - The initial version of the public disclosure published
May to October 2017 - Cooperation with the manufacturer and other affected parties to help evaluate and mitigate the vulnerability
1st of February - The vulnerability disclosed to Infineon Technologies AG
End of January - The vulnerability found
In a little while they will be presenting it at the conference...