I think that the "epic fail" part isn't the overall security of the PS3(which has generally been a pretty good sinister representative of the dystopian "trusted computing" future); but the fact that they somehow managed to build a code-signing verification mechanism that allowed their private key to be computed by an outside party.
Assymetric key crypto is supposed to be(barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify th
Although the keys are kind of short (they likely will become breakable in a few decades or something like that), that has nothing to do with the screwup. They completely botched their signer so it creates correlated signatures that leak the key. The computation to get the private key takes milliseconds.
Epic Fail? WTF? (Score:4, Insightful)
Epic Fail? WTF?
How many years has it taken to crack the PS3?
I'd say that Sony has done a remarkable job.
Re: (Score:5, Insightful)
Assymetric key crypto is supposed to be(barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify th
Re: (Score:1)
What if the number of bits in the key is low enough? If it only a small key, then could it be cracked mathematically in four months?
Re:Epic Fail? WTF? (Score:4, Informative)
Although the keys are kind of short (they likely will become breakable in a few decades or something like that), that has nothing to do with the screwup. They completely botched their signer so it creates correlated signatures that leak the key. The computation to get the private key takes milliseconds.