This is an interesting one. The same researchers also published some spooky research last year in which they're able to fingerprint an RSA public key and determine the probability that a given library or device generated the key pair.
Which is scary. If they're able to reliably fingerprint that, what more can be discerned? Does this allow substantial reduction in search space for factoring the key? They say no, for now. If you read their 2016 paper about the key fingerprinting, there are significant preludes to the Infineon issue. I had a suspicion when the TPM issue was announced that they were the ones who found it, and suspected that they found it during that work. Check out the RSA key fingerprinting tool: https://www.fi.muni.cz/~xsekan/