Researchers devise practical key recovery attack against smart cards, security tokens

By | June 28, 2012

Source: Computerworld

by Lucian Constantin

In this article “A team of cryptographic researchers claim to have developed an attack method that can be used to recover secret keys in an acceptable time frame from cryptographic devices like smart cards, hardware security modules and USB security tokens.

The new attack method was documented in a research paper that will be presented later this year at the CRYPTO 2012 cryptology conference and significantly improves previously known oracle padding attacks against asymmetric (RSA PKCS#1 v1.5) and symmetric (AES-CBC) encryption standards.

The method works on devices like the RSA Securid 800, Aladdin eTokenPro, Gemalto Cyberflex, Safenet Ikey 2032 and Siemens CardOS that use the vulnerable encryption standards for key export and import functions”

Leave a Reply