Cancel

double-chevron

Support center

Find your answer by topic or keyword

 

Is my digital signature vulnerable to the ROCA attack?

Notarius’ digital signatures are not affected by this vulnerability.

« ROCA » is the name of a major vulnerability discovered in some asymmetric encryption algorithm implementation, which is used notably for digital signatures.

The vulnerability allows hackers to impersonate the holder of a signing certificate or ATM card. Citizen ID of entire countries are impacted (such as Estonia and Lithuania), ATM cards of millions of customers of major European banks, identity cards of millions of government employees (including the NSA!) and security chips present in tens of millions of computers. Estimates indicate that more than 50 million identity cards and ATM cards must be replaced; it is not an easy task, and it is not done quickly.

On the other hand, exploiting the vulnerability has a cost. The ATM cards are the easiest to crack; a vulnerable 512-bit key would cost about $ 1 to crack. For vulnerable keys of 2048 bits, it is more complex; estimates are around $ 30,000 (5 days with 10,000 virtual servers).