Extraction et attaque de clés publiques RSA grâce à une faiblesse courante des signatures électroniques - application à PGP et Vigik

This talk will show a very common weakness in RSA signatures. We will be able to computationally extract public RSA keys from communications and embedded systems in case the public key is voluntarily not published. This weakens RSA signatures where keys of small sizes and/or quality are used and allows direct factoring attacks. 2 studies will be conducted on PGP/GPG e-mails and on the Vigik access control system which protects access to nearly 1 million buildings in France.

Renaud Lifchitz
Renaud Lifchitz is a French senior IT security consultant. He has a solid penetration testing, training and research background. His main interests are protocol security (authentication, cryptography, protocol security, information leakage, zero-knowledge proof, RFID security) and number theory. He currently mostly works on wireless protocols and was speaker for the following international conferences: CCC 2010 (Germany), Hackito Ergo Sum 2010 & 2012 (France), DeepSec 2012 (Austria), Shakacon 2012 (USA), 8dot8 2013 (Chile).