CryptoDB
Randomness of random in Cisco ASA
| Authors: | |
|---|---|
| Download: | |
| Presentation: | Slides |
| Abstract: | It all started with ECDSA nonces and keys duplications in a large amount of X.509 certificates generated by Cisco ASA security gateways, detected through TLS campaigns analysis. After some statistics and black box keys recovery, it continued by analyzing multiple firmwares for those hardware devices and virtual appliances to unveil the root causes of these collisions. It ended up with "keygens" to recover RSA keys, ECDSA keys and signatures nonces. The current presentation describes our journey understanding Cisco ASA randomness issues through years. More generally, it also provides technical and practical feedback on what can and cannot be done regarding entropy sources in association with DRBGs and other random processing mechanisms. |
| Video: | https://youtu.be/608NQdTn39Q?t=1342 |
BibTeX
@misc{rwc-2023-35452,
title={Randomness of random in Cisco ASA},
note={Video at \url{https://youtu.be/608NQdTn39Q?t=1342}},
howpublished={Talk given at RWC 2023},
author={Ryad BENADJILA and Arnaud EBALARD},
year=2023
}