Francois Grieu <[email protected]> writes:
>According to a presentation made at the 27th Chaos Communication Congress,
>there is a serious bug in the code that was used to produce ECDSA signatures
>for the PS3: the same secret random was reused in several signatures, which
>allowed the team to recover the private key from signatures.
Let me guess, the developers were so blinded by the cromulence of ECC ("we're
using ECC not RSA, we're secure!") that they forgot that security goes far
beyond just making an algorithm fashion statement. I've always regarded DLP
algorithms (all DLP algorithms, including the ECDLP ones) as far riskier than
RSA because there are so many things you can get wrong, many of them outside
your direct control, while with RSA as long as you check your padding properly
you're pretty much done.
>The relevant part of the presentation starts at 5'15" in
>http://www.youtube.com/watch?v=84WI-jSgNMQ
The whole talk (in three parts) is fascinating viewing, particularly the
summary of jailbreaking of embedded devices:
- Pretty much all of the (public) jailbreaks were to get Linux or other
software onto the device, not for piracy.
- All the devices were hacked in anything from one week to twelve months (the
record, for the Xbox360).
- Most of them used crypto, and AFAICT in none of them was the crypto directly
broken (Shamir's Law, crypto is bypassed not attacked).
Peter.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
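A worked illustration of the failure mode the thread discusses, written for this page as an added example (it is not code from the post, the talk or the PS3 firmware): a minimal ECDSA signer over secp256k1 in pure Python with two front ends, one that reuses a fixed "secret random" the way the quoted presentation says the PS3 signer did, and one that derives the nonce from the private key and the message (a simplified HMAC derivation in the spirit of RFC 6979, not the full RFC procedure), plus an audit routine that flags a batch of signatures sharing an r value, which is the observable symptom of nonce reuse because r depends only on k. The private key, message strings and the fixed nonce value are constructed sample values; the curve constants are the public secp256k1 parameters. Requires Python 3.8+ for `pow(x, -1, m)`.

```python
"""Added example: ECDSA nonce hygiene on secp256k1 (not code from the post or the PS3).
Requires Python 3.8+ for pow(x, -1, m) modular inverses."""
import hashlib
import hmac

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # Q + (-Q)
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign_with_nonce(d, msg, k):
    """Core ECDSA signing step. r is fixed entirely by k, so a repeated k
    shows up as a repeated r in the output."""
    z = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; pick a different nonce")
    return (r, s)


def sign_reusing_nonce(d, msg, k):
    """Flawed signer: the caller supplies a 'secret random' that never changes,
    which is the bug the quoted talk describes. Kept as the 'before' case."""
    return sign_with_nonce(d, msg, k)


def derive_nonce(d, msg):
    """Simplified HMAC-based nonce in the spirit of RFC 6979 (not the full RFC
    procedure). k depends only on the private key and the message hash, so two
    distinct messages never share k and no RNG is consulted at signing time."""
    mac = hmac.new(d.to_bytes(32, "big"), hashlib.sha256(msg).digest(),
                   hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1


def sign_deterministic(d, msg):
    """Hardened signer: a per-message nonce, with no shared state to get wrong."""
    return sign_with_nonce(d, msg, derive_nonce(d, msg))


def verify(Q, msg, sig):
    """Standard ECDSA verification against public key Q = d*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = hash_to_int(msg)
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r


def audit_signatures(sigs):
    """Defender-side check over a batch of (r, s) pairs, needing no private key:
    return each r that appears more than once with the indices sharing it.
    Distinct messages signed under one r were signed with one nonce."""
    seen = {}
    for i, (r, _s) in enumerate(sigs):
        seen.setdefault(r, []).append(i)
    return {r: idx for r, idx in seen.items() if len(idx) > 1}


# Constructed sample values for the stand-alone demo (not real keys or firmware).
DEMO_KEY = 0x1F2E3D4C5B6A79880123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
DEMO_MSGS = [b"firmware-image-v1", b"firmware-image-v2", b"firmware-image-v3"]

if __name__ == "__main__":
    Q = ec_mul(DEMO_KEY, G)
    bad = [sign_reusing_nonce(DEMO_KEY, m, 0xC0FFEE) for m in DEMO_MSGS]
    good = [sign_deterministic(DEMO_KEY, m) for m in DEMO_MSGS]
    print("fixed-nonce signatures verify:",
          all(verify(Q, m, s) for m, s in zip(DEMO_MSGS, bad)))
    print("fixed-nonce audit:", audit_signatures(bad))      # one r shared by all three
    print("deterministic audit:", audit_signatures(good))   # {}
```

Both signers produce signatures that verify, which is why a correctness test never catches this class of bug; only the audit over a set of published signatures does. Signing the same message twice with the deterministic signer yields the same (r, s), which is harmless: the leak the talk describes needs one nonce across two different messages, and `derive_nonce` cannot produce that.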