Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Thu, 22 Oct 2015 04:36:12 +0000
From: Loganaden Velvindron <loganaden@...il.com>
To: oss-security@...ts.openwall.com
Cc: CVE ID Requests <cve-assign@...re.org>
Subject: Re: Prime example of a can of worms

On Mon, Oct 19, 2015 at 4:06 AM, Kurt Seifried <kseifried@...hat.com> wrote:

> So in light of:
>
> https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
>
> and
>
>
> https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
>
> I would suggest we minimally have a conversation about DH prime security
> (e.g. using larger 2048 primes, and/or a better mix of primes to make
> pre-computation attacks harder). Generating good primes is not easy from
> what I've seen of several discussions, my fear would be that people try to
> fix this by finding new primes that turn out to be problematic.
>
> Secondly I would also suggest we seriously look at assigning a CVE to the
> use of suspected compromised DH primes. Despite the fact we don't have
> conclusive direct evidence (that I'm aware of, correct me if there is any
> conclusive evidence) I think in this case:
>
> 1) the attack is computationally feasible for an organization with
> sufficient funding
> 2) the benefit of such an attack far, far, FAR outweighs the cost for
> certain orgs, from the paper:
>
>
I think that it's important for organizations who are providing services
that are considered critical to the stability of the Internet to audit &
take corrective measures for all of their impacted services.
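As an added example, not code from this thread or from any project discussed in it: the audit called for above, reduced to its core check, in Python. It rebuilds the 1024-bit Oakley group 2 and the 2048-bit RFC 3526 group from their published pi-based formula (the RFC constants 129093 and 124476 are taken on trust; the primality check is what confirms them), verifies that each modulus is a safe prime, and flags anything below 2048 bits, which is the floor weakdh.org recommends. Reconstructing the standard groups deterministically is also a way to tell whether a server's group is the well-known one or an unidentified prime.

```python
import random

# Added example (not from the thread): derive the standard MODP primes from their
# published "nothing up my sleeve" formula and audit a DH group the way the
# weakdh.org guidance suggests: reject anything under 2048 bits, and confirm
# the modulus is actually a safe prime.


def pi_floor(bits, guard=128):
    """Return floor(pi * 2**bits) using Machin's formula in integer arithmetic."""
    scale = 1 << (bits + guard)

    def arctan_inv(x):
        # scale * arctan(1/x) = scale * sum_k (-1)^k / ((2k+1) * x^(2k+1))
        total, power, k, sign = 0, scale // x, 0, 1
        while power:
            total += sign * (power // (2 * k + 1))
            power //= x * x
            k += 1
            sign = -sign
        return total

    pi_scaled = 16 * arctan_inv(5) - 4 * arctan_inv(239)
    return pi_scaled >> guard  # guard bits absorb the truncation error


def modp_prime(bits, constant):
    """RFC 2409 / RFC 3526 form: 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) pi) + c)."""
    return (1 << bits) - (1 << (bits - 64)) - 1 + (1 << 64) * (pi_floor(bits - 130) + constant)


# Constants as published in the RFCs (assumed correct here; the primality check
# and the expected leading bytes FFFFFFFFFFFFFFFFC90FDAA2... confirm them).
OAKLEY_GROUP2_1024 = modp_prime(1024, 129093)   # RFC 2409 group 2, 1024-bit
MODP_2048 = modp_prime(2048, 124476)            # RFC 3526, 2048-bit


def is_probable_prime(n, rounds=20):
    """Miller-Rabin with random bases (fixed bases could be fooled by a crafted modulus)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square root of 1 found: a is a witness of compositeness
    return True


def is_safe_prime(p):
    """p is a safe prime when both p and (p-1)/2 are prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def audit_dh_group(p, g, min_bits=2048):
    """Return a list of findings; an empty list means the group passes."""
    findings = []
    bits = p.bit_length()
    if bits < min_bits:
        findings.append(f"{bits}-bit modulus: below the {min_bits}-bit floor, "
                        "precomputation attack feasible for a well-funded adversary")
    if not is_probable_prime(p):
        findings.append("modulus is composite")
    elif not is_probable_prime((p - 1) // 2):
        findings.append("modulus is not a safe prime: small subgroups exist")
    if not 2 <= g <= p - 2:
        findings.append("generator out of range")
    return findings


if __name__ == "__main__":
    for name, p in (("RFC 2409 group 2", OAKLEY_GROUP2_1024), ("RFC 3526 2048-bit", MODP_2048)):
        findings = audit_dh_group(p, 2)
        print(f"{name}: {'OK' if not findings else 'FAIL'}")
        for f in findings:
            print("  -", f)
```

To audit a deployed group, feed `audit_dh_group` the p and g printed by `openssl dhparam -in dh.pem -text -noout` (or taken from a captured ServerKeyExchange). Passing only means the group is large and well-formed; a group that many sites share is still a precomputation target at any size, which is the point of the "better mix of primes" suggestion above.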
