Operating ROCA's crypto-vulnerability may be easier than intended.

In our blog on Habré, we already wrote that an international group of IB researchers discovered the critical vulnerability of ROCA (Return of Coppersmith's Attack) in the popular encryption library RSA Library v1.02.013 from Infineon. Error CVE-2017-15361 in the algorithm for generating RSA primes makes the encryption keys generated using the Infineon library subject to factorization — this allows attackers to reveal the secret part of the key.

And if, shortly after the announcement of vulnerability, researchers argued that its use for mass attacks would be disadvantageous to attackers from an economic point of view, now other independent experts Daniel J. Bernstein and Tanja Lange published a detailed study , according to which operating ROCA in practice may be cheaper and easier than originally intended.
')
The vulnerability library is used to ensure the security of national ID-cards in several countries, as well as in many popular software products used by both government agencies and businesses.

Initial calculations assumed that using the CVE-2017-15361 to recreate the 1024-bit key would take about 97 days of the processor, which is equivalent to $ 40- $ 80, while for a 2048-bit key, it would take 51,400 days and $ 20,000-40000. The authors of the study also calculated that hacking 760 thousand Estonian ID-cards would have cost the attackers 60 billion euros - 80 thousand per one card.

Now, evidence was presented that it can be done 5-25% faster, and hacking one ID will cost no more than 20 thousand euros - not to mention that hacking all IDs does not make sense, because for manipulation, for example, by voting on elections, it is enough to discredit and 10% of the cards.

Cases like the ROCA vulnerability reveal that the cost of fixing code in the later stages of the software life cycle is increasing exponentially. Despite this, the experience of conducting a source code security audit during the development process is still not widely spread. The risk of software errors that can lead to dangerous vulnerabilities always exists, so a flexible method of safe development is used, focused on high-quality code testing at all stages of the software life cycle.

On Thursday, November 16, at 14:00 , Free Technologies will host a free webinar on how to integrate the analysis of source code vulnerabilities into the existing development process and minimize the cost of eliminating defects that lead to the appearance of vulnerabilities. The webinar will be of interest to specialists familiar with the processes of developing and fixing vulnerabilities in software code.

To participate in the webinar you need to register .