Date: Mon, 19 Oct 2015 00:24:40 -0400 From: Alex Gaynor <alex.gaynor@...il.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Cc: CVE ID Requests <cve-assign@...re.org> Subject: Re: Prime example of a can of worms I think we can have a far simpler rule: use of DH at <= 1024 bits gets a CVE, the same way 512-bit RSA, or DES would. Alex On Mon, Oct 19, 2015 at 12:06 AM, Kurt Seifried <kseifried@...hat.com> wrote: > So in light of: > > https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf > > and > > > https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH > > I would suggest we minimally have a conversation about DH prime security > (e.g. using larger 2048 primes, and/or a better mix of primes to make > pre-computation attacks harder). Generating good primes is not easy from > what I've seen of several discussions, my fear would be that people try to > fix this by finding new primes that turn out to be problematic. > > Secondly I would also suggest we seriously look at assigning a CVE to the > use of suspected compromised DH primes. Despite the fact we don't have > conclusive direct evidence (that I'm aware of, correct me if there is any > conclusive evidence) I think in this case: > > 1) the attack is computationally feasible for an organization with > sufficient funding > 2) the benefit of such an attack far, far, FAR outweighs the cost for > certain orgs, from the paper: > > A small > number of fixed or standardized groups are used by millions > of servers; performing precomputation for a single 1024-bit > group would allow passive eavesdropping on 18% of popular > HTTPS sites, and a second group would allow decryption > of traffic to 66% of IPsec VPNs and 26% of SSH servers. > > > -- > Kurt Seifried -- Red Hat -- Product Security -- Cloud > PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 > Red Hat Product Security contact: secalert@...hat.com > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ