Taiwan’s Citizen Smart Card Plan Compromised by Bad RNGs

In a recent paper compiling a few years of ongoing research, an international team has described the methods they used to find the cryptographic keys of 184 out of 2 million smart card certificates issued to the Taiwanese public by their government. More than a hundred of the keys shared prime numbers used in their generation with at least one other key,  While this may seem like a trivial number of failures for a program of this size, the algorithm used to generate the keys, 1024 bit RSA, can randomly choose between more than 2^502 different prime numbers when building a key. Even in a sample size as large as 2 million, any prime sharing indicates deep seated failure in the employment of the cryptographic system. The researchers used regular desktop computers to find the keys, in operations that should have taken millions of years of processing time had the cryptosystems been implemented correctly.

The cards were issued by the Taiwanese government to enable citizens to authenticate themselves to the government when using online services, such as paying taxes. The vulnerable cards were all using RSA 1024, while most of the cards issued now use RSA 2048. The government has also attempted to reach out to the citizens whose cards are cryptographically compromised in order to replace them.

Problematically, the system and the smart cards had been certified as cryptographically safe by a number of agencies. This failure will certainly raise more doubt about the current effectiveness of certification agencies for cryptography. In the wake of the remaining questions regarding the DUAL_EC_DRBG fiasco at the US’s NIST (National Institute of Science and Technology), the old question of “Quis custodiet ipsos custodes?” or “Who watches the watchmen?” still stands.

Dan Gifford – MCySec Media Manager 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>