And (from gmane.comp.security.oss.general)

|Subject: Prime example of a can of worms
|Date: Sun, 18 Oct 2015 22:06:13 -0600
|
|So in light of:
|
|https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
|
|and
|
|https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
|
|I would suggest we minimally have a conversation about DH prime security
|(e.g. using larger 2048 primes, and/or a better mix of primes to make
|pre-computation attacks harder). Generating good primes is not easy from
|what I've seen of several discussions; my fear would be that people try to
|fix this by finding new primes that turn out to be problematic.

Especially this.

|Secondly, I would also suggest we seriously look at assigning a CVE to the
|use of suspected compromised DH primes. Despite the fact we don't have
|conclusive direct evidence (that I'm aware of, correct me if there is any
|conclusive evidence) I think in this case:
|
|1) the attack is computationally feasible for an organization with
|sufficient funding
|2) the benefit of such an attack far, far, FAR outweighs the cost for
|certain orgs, from the paper:
|
|A small
|number of fixed or standardized groups are used by millions
|of servers; performing precomputation for a single 1024-bit
|group would allow passive eavesdropping on 18% of popular
|HTTPS sites, and a second group would allow decryption
|of traffic to 66% of IPsec VPNs and 26% of SSH servers.
|
|--
|Kurt Seifried -- Red Hat -- Product Security -- Cloud
|PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

--steffen
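The mail above argues two things: that a server's DH group should be at least 2048 bits, and that a hastily chosen replacement prime can be worse than the standardized one it replaces. The following is an added example (not part of the quoted mail or of any oss-security tooling) showing the checks a defender can run over a server's DH parameter file before trusting it: it decodes the PKCS#3 `DHParameter` SEQUENCE (`INTEGER p, INTEGER g`), reports the modulus size against the 2048-bit threshold the mail recommends, verifies that `p` is a safe prime (`p = 2q + 1` with `q` prime, which is what a DH group needs to avoid small-subgroup problems), and classifies which subgroup `g` generates. All function names are this example's own, and the inputs used in testing are constructed toy values, not real server parameters.

```python
"""Audit a DER/PEM-encoded Diffie-Hellman parameter block.

Added example, not code from the quoted mail. Assumes the PKCS#3
DHParameter layout SEQUENCE { INTEGER p, INTEGER g [, INTEGER len] };
the 2048-bit threshold follows the recommendation cited in the mail.
"""
import base64
import random

MIN_BITS = 2048  # groups smaller than this are flagged (per the mail's advice)
FINDING_SMALL = "modulus below %d bits" % MIN_BITS
FINDING_NOT_SAFE = "p is not a safe prime"
FINDING_BAD_G = "g does not generate the prime-order subgroup"


def _der_len(n: int) -> bytes:
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(value: int) -> bytes:
    # Extra leading byte keeps the sign bit clear (DER INTEGER is signed).
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def encode_dh_params(p: int, g: int) -> bytes:
    """Build a DHParameter SEQUENCE; used here to construct test input."""
    body = _der_int(p) + _der_int(g)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_dh_params(der: bytes):
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p and INTEGER g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def pem_to_der(pem: str) -> bytes:
    body = [ln.strip() for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with fixed witnesses so repeated audits agree."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def subgroup_of(g: int, p: int, q: int) -> str:
    """For safe prime p = 2q+1 the orders are 1, 2, q, 2q; name g's subgroup."""
    if not 1 < g < p - 1:
        return "trivial"
    t = pow(g, q, p)
    return "q" if t == 1 else "2q" if t == p - 1 else "other"


def audit_dh_params(der: bytes) -> dict:
    p, g = decode_dh_params(der)
    q = (p - 1) // 2
    p_prime = is_probable_prime(p)
    safe = p_prime and p % 2 == 1 and is_probable_prime(q)
    g_order = subgroup_of(g, p, q) if safe else "n/a"
    findings = []
    if p.bit_length() < MIN_BITS:
        findings.append(FINDING_SMALL)
    if not safe:
        findings.append(FINDING_NOT_SAFE)
    elif g_order != "q":
        findings.append(FINDING_BAD_G)
    return {"bits": p.bit_length(), "p_is_prime": p_prime,
            "safe_prime": safe, "g_order": g_order, "findings": findings}
```

To audit a real file, pass `pem_to_der(open("dhparam.pem").read())` to `audit_dh_params`. Note that a group passing these checks is still a *shared* group if it was copied from a standard; the mail's point about precomputation applies to any widely reused modulus, so the size check matters even when the structural checks pass.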
