TLS 1.3 - insecure RSA algorithm


This mostly affects routers and “secure” websites. It has to do with the fact that a lot of inexpensive home devices (and some commercial ones) rely on RSA encryption, which was broken back in the 90s. It’s still broken, but it’s still being used. What they’ve done is try to keep putting more and more walls around it to keep attackers from getting to the broken bits. It’s an approach that just doesn’t work very well, hence the “Yawn” in the article title.

The reason for all these attack variations is because the authors of the TLS encryption protocol decided to add countermeasures to make attempts to guess the RSA decryption key harder, instead of replacing the insecure RSA algorithm.

If you don’t know what TLS is, the Wikipedia article is pretty good: