ROCA attack [1Password is not affected]

hmoeller
Community Member
edited October 2017 in Lounge

Hi out there,

Just recently, Slovak and Czech researchers have found a very serious flaw in Infineon's crypto library, which has generated crippled RSA key pairs since 2012. These key pairs allow the private part to be calculated from the public part in a very short time. Find the details on ROCA (Return of Coppersmith's Attack) in this article.

Is 1Password susceptible to this flaw?

The paper giving the details of the flaw will be published on November 2nd. So there is some time left to react, at least with respect to currently used keys. This is not the case with respect to formerly stored vaults, e.g. on Dropbox. These vaults might be completely exposed to this attack without any chance to counteract. There's only one chance in a situation like this: Change all your passwords prior to November 2nd.

Please take this seriously, since it is one of the worst scenarios thinkable with respect to RSA cryptography.

Best regards,

Henning



Comments

  • AGAlumB
    1Password Alumni

    @hmoeller: No. 1Password is not using RSA-generated keypairs. And, as mentioned in the Ars Technica article (emphasis added),

    The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation. [...] The library runs on hardware Infineon sells to a wide range of manufacturers using Infineon smartcard chips and TPMs. [...] The flaw affects only keys generated with the RSA algorithm, and then only when they were generated on a smartcard or other embedded device that uses the Infineon library.

    I hope this helps! :)

  • hmoeller
    Community Member

    Helps a lot. Thank you very much for the clarification.

    BTW: The flaw may also affect systems which are using Microsoft's Trusted Platform Management. That's not necessarily a smartcard or embedded system. For example, it seems to affect Bitlocker, as well.

  • AlwaysSortaCurious
    Community Member

    There were articles about this last week on Ars. Looks like those libraries are showing up in more and more places.

    https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

  • AGAlumB
    1Password Alumni
    edited October 2017

    BTW: The flaw may also affect systems which are using Microsoft's Trusted Platform Management. That's not necessarily a smartcard or embedded system. For example, it seems to affect Bitlocker, as well.

    @hmoeller: Well, technically, TPM is an embedded system Intel builds into chipsets...but I agree that I oversimplified. 1Password isn't using TPM though, so while it's an excellent point — I stand corrected — it's moot in this case. Thank you for catching that! :)

This discussion has been closed.