[Cryptography] DH non-prime kills "socat" command security
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Feb 2 21:41:55 EST 2016
Henry Baker <hbaker1 at pipeline.com> writes:
>For the past year, the Linux command "socat" has been assuming that the
>following number is prime; thus breaking its crypto security.
For the years before that, the Linux command "socat" has been assuming that a
512-bit prime is secure; thus breaking its crypto security.
They also do things like tell you how to set up the SSL tunnel without any
mention of validating certs so it's unlikely they check those, and various
other signs that they're not doing crypto very well.
Peter.
More information about the cryptography
mailing list