Hi, I am not sure what the implications will be, but I think the Red Hat PKI system is at least using the same hardware. You should read this paper: http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf What does this mean for us as users?
For most token users, nothing. The researchers have not extracted the RSA private key; they extracted a symmetric key that is encrypted to the private key on the token. In environments where the token does not support decrypt, and operate on FIPS level-3 or above, this is big news, but for deployments which use a basic "RSA-op" function, not even separate Sign/Decrypt functions, you can simply decrypt the blob and get the symmetric key.
The paper is definitely worthy of attention, but for most deployments it will have little or no impact.
Best regards, Fabian Bertholm