RSA is one of the most commonly used algorithm for providing confidentiality, integrity and authenticity of digital information. RSA is used to secure web traffic up to TLS 1.2. Today, web servers have a certificate which protects the traffic between a web server and a client browser. This certificate contains a public key of 1024 or 2048-bits. But what will happen when the key material of the certificate is not correctly generated? Are you still sure that traffic is protected and cannot be compromised?

Johan Loos will show you two different ways on how a RSA private key of a certificate can be 'recovered' when you only have access to the public key.

This session is based on Johan's own research on RSA and focus on different types of RSA attacks. These attacks are demonstrated live using virtual machines. Johan wrote his own script in Python for the recovery of the cryptographic key material. This session is for people who wants to know more about RSA attacks, and how they can improve security.

About the speaker:

Johan is a freelance security researcher, security specialist, privacy and healthcare professional with interest in the area of IT security, information security, privacy, medical devices and cryptography. Johan is passionate about technology and evangelises security to organisations to take security seriously by implementing security and privacy by design principles.

Overview of the session

• Overview on how the RSA algorithm works
• Overview of the RSA attack used in this demo
• How to recover a private key of a TLS v1.2 session and decrypt TLS v1.2 traffic