Re: [guardian-dev] APK signing keys are vulnerable WAS: pgp, nsa, rsa
----- Forwarded message from Daniel McCarney <daniel@binaryparadox.net> ----- Date: Sun, 8 Sep 2013 18:31:35 -0400 From: Daniel McCarney <daniel@binaryparadox.net> To: Hans of Guardian <hans@guardianproject.info>, guardian-dev <guardian-dev@lists.mayfirst.org> Subject: Re: [guardian-dev] APK signing keys are vulnerable WAS: pgp, nsa, rsa
Wow, that is bad news indeed. It would be awesome to have androidobservatory.org also display full info about the signing keys, like the algorithm used, the bitness, generation date, etc. so we can easily check which keys are vulnerable.
Working on rolling that functionality out. I had to rewrite the app import pipeline so that I could store that information. I have the data collected but it isn't user facing yet. I can tell you that looking at the ~6,000 unique certificates in the observatory data about 75% are RSA 1024. As far as I'm aware it isn't possible to learn the key generation date from the certificate data in the PKCS7 structure stored in the META-INF directory of an APK.
I figure if the NSA can break 1024 bit RSA, its only a matter of time before China also has that capability. China are experts at industrial espionage, and they certainly know how to make chips. It is very conceivable that they could acquire the NSA's RSA cracking chip design and then build it domestically. Then I imagine that China would also be willing to sell those chips to allies, or perhaps even the highest bidder.
Yeah, the current NIST[1] advice on key sizes is very clear that 1024 bit RSA should be deprecated (though evidently NIST might not be an unbiased source of information...).
We'll have to make sure our signing key is not 1024 bit, and if so, work on a migration plan. The easiest way to start is to sign all new apps with a new key.
The pubkey in the cert used for the core Guardian Properties (ChatSecure, Obscuracam, etc) is definitely 1024 RSA. So is the pubkey in the cert used for Orweb. It would definitely be a good idea to start talking about migration plan, (and using a strong keysize in a new cert for all new properties) - Dan [1] http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf _______________________________________________ Guardian-dev mailing list Post: Guardian-dev@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: Guardian-dev-unsubscribe@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org You are subscribed as: eugen@leitl.org ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
participants (1)
-
Eugen Leitl