#Tpm

How to mitigate ROCA TPM vulnerability?

Published at April 17, 2019 · Krystian Hebel ·  9 min read

ROCA vulnerability was discovered (October 2017) in a software library, RSALib, provided by Infineon Technologies. That library is also used in TPM modules. When this vulnerability is present, a pair of prime numbers used for generating RSA keys is chosen from a small subset of all available prime numbers. This results in a great loss of entropy. Details and exact numbers can be found here. Discovering whether TPM is vulnerable All vulnerable keys have the same structure....

Categories: firmware security




Archives

2019 (12)
2018 (16)
2017 (12)
2016 (10)
2015 (8)
2014 (6)
2013 (14)
2012 (24)