A bad couple of years for the cryptographic token industry
This pullquote from a math-filled academic paper (an unlikely read, for my usual habits at least) comes to you and me via @slightlylate and his pointer to the captivating blog A Few Thoughts on Cryptographic Engineering. Thankfully, the post describes the paper’s achievement and its implications:
Here’s the postage stamp version: due to a perfect storm of (subtle, but not novel) cryptographic flaws, an attacker can extract sensitive keys from several popular cryptographic token devices. This is obviously not good, and it may have big implications for people who depend on tokens for their day-to-day security. If that describes you, I suggest you take a look at this table:
[Table: Tokens affected by the Bardou et al. attacks. A checkmark means “vulnerable”. (source)]
That’s the headline news, anyway. The more specific (and important) lesson for cryptographic implementers is: if you’re using PKCS#1v1.5 padding for RSA encryption, cut it out. Really. This is the last warning you’re going to get.
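To make the quoted warning concrete, here is an added example (my own code, not from the paper or the quoted post) of the PKCS#1 v1.5 "type 2" encryption block layout that these attacks exploit, with an unpad routine that reports one undifferentiated error for every malformed block; the modulus length k and the sample message are assumptions chosen for illustration, and the real fix is to move to RSAES-OAEP rather than to polish v1.5 handling.

```python
import os

# PKCS#1 v1.5 type-2 encryption block (RFC 8017, section 7.2):
#   EM = 0x00 || 0x02 || PS || 0x00 || M
# PS is at least 8 random NON-ZERO bytes, and len(EM) == k (modulus length in bytes).
# The attacks on the tokens above work because a decryptor that reveals
# whether this structure checks out (by error code or by timing) becomes an
# oracle about the RSA plaintext.


class PaddingError(Exception):
    """Raised for any malformed block; deliberately carries no detail."""


def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """Build a type-2 block for `message` under a k-byte modulus."""
    if len(message) > k - 11:  # 3 fixed bytes + at least 8 bytes of PS
        raise ValueError("message too long for modulus")
    ps_len = k - len(message) - 3
    ps = b""
    while len(ps) < ps_len:  # keep drawing until we have enough non-zero bytes
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + ps + b"\x00" + message


def pkcs1_v15_unpad(em: bytes, k: int) -> bytes:
    """Strip type-2 padding. Every failure path raises the same PaddingError.

    Collapsing the checks into one flag (instead of returning early on the
    first failure) avoids telling the caller *which* check failed; it does
    not by itself make the routine timing-safe, which is one more reason
    the quoted advice is simply to stop using this padding for encryption.
    """
    ok = len(em) == k
    ok &= em[:2] == b"\x00\x02"
    sep = em.find(b"\x00", 2)          # position of the 0x00 that ends PS
    ok &= sep >= 10                    # 2 header bytes + at least 8 PS bytes
    if not ok:
        raise PaddingError("decryption error")
    return em[sep + 1:]
```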