Bleeping Computer

TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected

Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack. TPM stands for Trusted Platform Module (TPM), which is an ...
InfoQ

Poor Random Number Generation Makes 1 in Every 172 RSA Certificates Vulnerable

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. In this episode, Thomas Betts chats with ...
Ars Technica

Millions of high-security crypto keys crippled by newly discovered flaw

A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, ...
Ars Technica

In a first, cryptographic keys protecting SSH connections stolen in new attack

For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally ...
Infosecurity-magazine.com

The Dark Side of Cryptography: Kleptography in Black-Box Implementations

Bernhard Esslinger explores the dark side of cryptography Figure 1: Kleptographic attacks are possible in each of the components of a cryptosystem shown here. The encapsulation of a black-box ...
Bleeping Computer

GitHub revokes duplicate SSH auth keys linked to library bug

GitHub has revoked weak SSH authentication keys generated using a library that incorrectly created duplicate RSA keypairs. GitHub allows you to authenticate to their service without a user name and ...
Dark Reading

Ron Was Wrong, Whit Is Right, And What You Need To Know

Note: The credit for this post goes entirely to my colleagues at Stach & Liu. In particular, the initial draft of this entry was written by Carl Livitt and further updated by Rob Ragan. I felt it was ...