4.16 ROCA VULNERABLE KEYS

EXERCISE 4.16: ROCA VULNERABLE KEYS

Unless your RSA keys are being generated by certain RSA hardware modules, the keys you have generated for the exercises in this chapter should not be vulnerable to ROCA, but it never hurts to check. For this exercise, visit the online ROCA vulnerability checking site at https://keychest.next/roca#/ and test a couple of keys.

---

The ROCA vulnerability is a cryptographic weakness that allows the private key of a key pair to be recovered from the public key in keys generated by devices with the vulnerability. “ROCA” is an acronym for “Return of Coppersmith’s attack”.

More can be found in the wiki page: https://en.wikipedia.org/wiki/ROCA_vulnerability