Home / News / Company news

Company News


.RU and .РФ domains tested for vulnerability to ROCA attack

The new ROCA attack CVE-2017-15361 uses flaws in the optimization of the RSA key generation process, in particular implemented in devices with Infineon crypto processors. The attack calculates the modular decomposition of the RSA key into simple multipliers, which completely compromises the corresponding key. RSA is now the world’s most widespread asymmetric encryption system: it is used as an electronic signature mechanism in many banking systems, in authentication and various other tools. The ROCA attack only hits some specific implementations of this cryptosystem: it does not allow cracking arbitrary RSA keys and does not necessarily indicate that this vulnerability was discovered in the cryptosystem itself. Nevertheless, due to the use of chips and the Infineon library in specialized equipment, the attack poses a great danger.

The creators of the attack published an algorithm to quickly test a particular RSA public key for susceptibility to the attack. TCI specialists have used the algorithm to check about 500,000 available RSA keys used by the TLS servers and TLS certificates in the Russian national .RU and .РФ domains. None of the keys showed vulnerability to ROCA. Yet, since keys were collected only from the nodes addressed by second-level domains (including the www prefix), one cannot rule out potentially vulnerable keys under third-level domain names.

However, in the TLS context, the use of crypto tokens for key generation is more likely to be an exception than general practice, so we should not expect a wide spread of vulnerable keys. Yet, the keys that were generated by the vulnerable hardware may be used in systems that protect critical resources (as crypto operators often believe that specialized hardware solutions always have higher security than universal software), which means that even isolated keys compromised can pose a significant threat.

Back to the list

.RU and .РФ domains tested for vulnerability to ROCA attack