77

edits

Jump to navigation
Jump to search
##
3DS System Flaws
(edit)

###
Revision as of 07:15, 11 January 2017

20 bytes removed
, 07:15, 11 January 2017
m

→Hardware

Line 91:
Line 91:

However, when setting a keyslot's modulus, the RSA hardware leaves the exponent alone. This allows retrieving the exponent by doing a discrete logarithm of the output.

However, when setting a keyslot's modulus, the RSA hardware leaves the exponent alone. This allows retrieving the exponent by doing a discrete logarithm of the output.

−By setting the modulus to a prime number whose modular multiplicative order is "smooth" (that is, p-1 is divisible by only small prime numbers), discrete logarithms can be calculated quickly using the [~~//en.~~wikipedia~~.org/wiki/~~Pohlig~~%E2%80%93Hellman_algorithm ~~Pohlig-Hellman algorithm]. If the prime chosen is greater than the modulus, but the same bit size, the discrete logarithm is the private exponent.

+By setting the modulus to a prime number whose modular multiplicative order is "smooth" (that is, p-1 is divisible by only small prime numbers), discrete logarithms can be calculated quickly using the [[wikipedia:Pohlig-Hellman algorithm|Pohlig-Hellman algorithm]]. If the prime chosen is greater than the modulus, but the same bit size, the discrete logarithm is the private exponent.

This exploit's usefulness is limited: these four keyslots' values are only used in current firmware for deriving the 6.x save and 7.x NCCH keys, which were already known. Additionally, with a boot ROM dump, this exploit is moot; these private keys are located in the protected ARM9 boot ROM.

This exploit's usefulness is limited: these four keyslots' values are only used in current firmware for deriving the 6.x save and 7.x NCCH keys, which were already known. Additionally, with a boot ROM dump, this exploit is moot; these private keys are located in the protected ARM9 boot ROM.

77

edits

Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/19227"