
Re: [luga] Not good at all....



And (from gmane.comp.security.oss.general)

 |Subject: Prime example of a can of worms
 |Date: Sun, 18 Oct 2015 22:06:13 -0600

 |So in light of:
 |
 |https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
 |
 |and
 |
 |https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
 |
 |I would suggest we minimally have a conversation about DH prime security
 |(e.g. using larger 2048 primes, and/or a better mix of primes to make
 |pre-computation attacks harder). Generating good primes is not easy from
 |what I've seen of several discussions, my fear would be that people try to
 |fix this by finding new primes that turn out to be problematic.

Especially this.

 |Secondly I would also suggest we seriously look at assigning a CVE to the
 |use of suspected compromised DH primes. Despite the fact we don't have
 |conclusive direct evidence (that I'm aware of, correct me if there is any
 |conclusive evidence) I think in this case:
 |
 |1) the attack is computationally feasible for an organization with
 |sufficient funding
 |2) the benefit of such an attack far, far, FAR outweighs the cost for
 |certain orgs, from the paper:
 |
 |A small
 |number of fixed or standardized groups are used by millions
 |of servers; performing precomputation for a single 1024-bit
 |group would allow passive eavesdropping on 18% of popular
 |HTTPS sites, and a second group would allow decryption
 |of traffic to 66% of IPsec VPNs and 26% of SSH servers.
 |
 |--
 |Kurt Seifried -- Red Hat -- Product Security -- Cloud
 |PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

--steffen
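The quoted message asks for larger DH groups and for care when minting new primes. The following Python script is an added example, not part of the thread or of any project mentioned in it; it audits a Diffie-Hellman group (p, g) the way a defender would before deploying it: minimum size of 2048 bits as recommended above, primality of p, the safe-prime property (q = (p-1)/2 also prime) so that every generator lands in a large subgroup, a sane generator, and a fingerprint lookup against an operator-supplied set of widely shared standardized groups. The small-prime generator, the finding codes and the `known_shared` parameter are assumptions of this example; the test primes below are constructed and far too small for real use, which the audit duly reports.

```python
import hashlib
import secrets

MIN_BITS = 2048  # minimum group size recommended by the weakdh.org paper and the EFF post

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probable-prime test with random bases (trial division first)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n == sp:
            return True
        if n % sp == 0:
            return False
    # write n - 1 as d * 2^r with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # composite witness found
    return True

def group_fingerprint(p: int) -> str:
    """SHA-256 of the big-endian encoding of p; used to recognise shared groups."""
    return hashlib.sha256(p.to_bytes((p.bit_length() + 7) // 8, "big")).hexdigest()

def audit_dh_group(p: int, g: int, known_shared: frozenset = frozenset()) -> list:
    """Return a list of finding codes (empty list means the group passed every check).

    known_shared: fingerprints (see group_fingerprint) of standardized groups that
    many servers share and that are therefore worth precomputing against; the
    operator supplies this set, e.g. from the groups listed in the paper.
    """
    findings = []
    if p.bit_length() < MIN_BITS:
        findings.append("too_small")
    if not is_probable_prime(p):
        findings.append("p_not_prime")
    else:
        # safe prime: (p-1)/2 prime, so any g in (1, p-1) has order q or 2q
        if not is_probable_prime((p - 1) // 2):
            findings.append("not_safe_prime")
    if g <= 1 or g >= p - 1:
        findings.append("bad_generator")  # 0, 1 and p-1 generate trivial subgroups
    if group_fingerprint(p) in known_shared:
        findings.append("shared_group")
    return findings

def generate_safe_prime(bits: int) -> int:
    """Generate a random safe prime p = 2q + 1 of exactly `bits` bits (demo-sized only)."""
    while True:
        # q gets bits-1 bits, top and bottom bit set, so p has exactly `bits` bits
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if not is_probable_prime(q):
            continue
        p = 2 * q + 1
        if is_probable_prime(p):
            return p

if __name__ == "__main__":
    # constructed toy groups; 23 is a safe prime (11 is prime), 2047 = 23 * 89
    for p, g in ((23, 5), (2047, 2), (13, 2)):
        print(p, g, audit_dh_group(p, g))
    demo = generate_safe_prime(64)
    print(demo, audit_dh_group(demo, 2))  # expected: ['too_small'] only
```

Because the size check runs first, a toy-sized group always reports `too_small` even when it is otherwise well formed; a production group that passes with an empty list is still only as good as the list of shared groups you feed into `known_shared`.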



linux user group austria
Last change: October 2015 (webmaster@luga.at)