Sunday, September 22, 2013
RSA: BSafe is not safe!
In this case it turns out you can easily compute the next PRG state after recovering a single output point (from 32 bytes of RNG output). This means you can follow the equations through and predict the next output, and the next output after that, and so on forever.
This is a huge deal in the case of SSL/TLS, for example.
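The failure mode described above, as an added toy example (not code from the post or from RSA's BSafe): a generator whose output is its own state lets anyone who sees one output run the generator forward, while the same state update with a one-way output transform does not. The linear state update, the modulus, the seed and the function names are all constructed for illustration.

```python
import hashlib

# Constructed parameters for the toy generators (not any real DRBG's constants)
MOD = 2**61 - 1
MULT = 1103515245
INC = 12345
SEED = 0x1234_5678_9ABC  # constructed seed; an attacker is assumed not to know it


def weak_step(state):
    """Toy PRG whose output equals its new internal state.
    One observed output therefore IS the state, so every later output follows."""
    new_state = (MULT * state + INC) % MOD
    return new_state, new_state


def hardened_step(state):
    """Same state update, but the output passes through a one-way function.
    Seeing an output no longer reveals the state that produced it."""
    new_state = (MULT * state + INC) % MOD
    digest = hashlib.sha256(new_state.to_bytes(8, "big")).digest()
    output = int.from_bytes(digest[:8], "big")
    return new_state, output


def run(step, state, n):
    """Drive a generator n steps and collect its outputs."""
    outputs = []
    for _ in range(n):
        state, out = step(state)
        outputs.append(out)
    return outputs


def predict_from_output(step, observed, n):
    """Observer's attempt: treat one observed output as the current state
    and run the public algorithm forward to guess the next n outputs."""
    return run(step, observed, n)


def weak_is_predictable():
    """True if one output of the weak generator predicts all later outputs."""
    outputs = run(weak_step, SEED, 5)
    guessed = predict_from_output(weak_step, outputs[0], 4)
    return guessed == outputs[1:]


def hardened_is_predictable():
    """False: the one-way output transform breaks the same prediction."""
    outputs = run(hardened_step, SEED, 5)
    guessed = predict_from_output(hardened_step, outputs[0], 4)
    return guessed == outputs[1:]


if __name__ == "__main__":
    print("weak generator predictable from one output:", weak_is_predictable())
    print("hardened generator predictable from one output:", hardened_is_predictable())
```

The point for a reviewer of any DRBG design is the second function: a generator is only as safe as the one-wayness of the map from internal state to output, and a TLS stack that draws nonces, session keys and ephemeral secrets from a generator lacking that property leaks all of them once a single output is exposed.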