RSA is one of the most commonly used algorithms for providing confidentiality, integrity and authenticity of digital information. RSA is used to secure web traffic up to TLS 1.2. Today, web servers have a certificate which protects the traffic between a web server and a client. This certificate contains a public key of 1024, 2048 or 4096 bits. But what will happen when the key material of the certificate is not correctly generated? Are you still sure that traffic is protected and cannot be compromised? I show you one of the ways in which a private key of a certificate can be ‘recovered’ when you only have access to the public key (certificate) of the web server.
This is a technical session; all code is developed by the presenter and demonstrated using VMs.
Speaker: Johan Loos
Johan Loos is a security researcher, security specialist and privacy professional with an interest in the areas of IT security, information security, privacy and cryptography. I am passionate about technology and evangelize security to organizations so that they take security seriously by implementing security and privacy by design principles.