Factoring RSA keys from certified smart cards:
Coppersmith in the wild


Frequently asked questions

Is there any problem with 2048-bit Taiwan Citizen Digital Certificates?

We are not aware of any problem, although we also cannot guarantee that no problem exists. All of the keys factored so far are 1024-bit keys from green cards, not 2048-bit keys from red/pink cards. A retroactive GCD sanity check does not detect any repeated factors among the 2048-bit keys, although it is also not an indication of security.

We strongly recommend that the chip manufacturer publicly disclose full details of the RNG hardware in use and provide copies of the RNG hardware to researchers, allowing a thorough characterization of the physical failures of the RNG hardware on the 1024-bit cards and an analysis of the differences in the RNG hardware on the 2048-bit cards.

Version: This is version 2013.09.16 of the faq.html web page.