[Cryptography] DH non-prime kills "socat" command security

Tom Mitchell mitch at niftyegg.com
Mon Feb 8 21:58:27 EST 2016


On Fri, Feb 5, 2016 at 6:38 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> mok-kong shen <mok-kong.shen at t-online.de> writes:
>
> >Among possible causes I surmise that possibly Miller-Rabin test was used
> >to find a prime,
>
> I doubt it.

...

> Google leads
> them to Stackexchange where others have had the same problem, they grab the
> code there, done.
>
...

>
> In any case though people still seem to be missing the big picture,
>
....

>
> So it's quite possible that moving to the 1024-bit non-prime was an
> increase in security over the previous state of the code.
> <cryptography at metzdowd.com>
>

I suspect we cannot ignore the reality that this is a shared secret
tool where one big secret is not secret.

An IT department that installs its own secrets would be more secure
than others that use the bits out of the box.

It seems that the generation of primes and pseudo-primes is the
important research topic of the week.

The nice part is the traffic on the wire does not appear to disclose the
case where a specific department has compiled in secrets specific to
their department.

-- 
  T o m    M i t c h e l l
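Since the thread turns on whether the DH modulus was ever actually checked for primality, here is an added Python example (not code from this thread, from socat, or from any of its authors) showing why a single Fermat check of the kind a quick web search turns up is not enough, and how a department that compiles in its own parameters can validate them before trusting them. The Carmichael number 561 is a constructed sample input: it passes a base-2 Fermat test but fails Miller-Rabin. The `validate_dh_modulus` helper, its finding codes and the 2048-bit minimum are my own choices, not anything socat specifies.

```python
import random

# Trial-division sieve; these are also the fixed Miller-Rabin bases.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
MIN_MODULUS_BITS = 2048  # assumed policy minimum, not a socat value


def fermat_test(n, base=2):
    """The naive check: a^(n-1) == 1 (mod n). Carmichael numbers fool it."""
    return n > 2 and pow(base, n - 1, n) == 1


def miller_rabin(n, rounds=40, rng=None):
    """Probabilistic primality test: fixed small bases plus `rounds` random ones.

    A composite survives one random base with probability at most 1/4, so
    40 rounds leave an error bound of 4^-40.
    """
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    # Write n - 1 = d * 2^s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = rng or random.SystemRandom()
    bases = SMALL_PRIMES + [rng.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # reached 1 (or never -1) via a non-trivial root: composite
    return True


def is_safe_prime(p, rng=None):
    """p is a safe prime when both p and (p - 1) / 2 are prime."""
    return miller_rabin(p, rng=rng) and miller_rabin((p - 1) // 2, rng=rng)


def validate_dh_modulus(p, g, min_bits=MIN_MODULUS_BITS, rng=None):
    """Return a list of finding codes for a compiled-in DH (p, g); empty means OK."""
    findings = []
    if not miller_rabin(p, rng=rng):
        findings.append("composite")
    elif not is_safe_prime(p, rng=rng):
        findings.append("not-safe-prime")
    if not 2 <= g <= p - 2:
        findings.append("bad-generator")
    if p.bit_length() < min_bits:
        findings.append("short-modulus")
    return findings


def generate_safe_prime(bits, rng=None):
    """Generate a safe prime of exactly `bits` bits by searching q, p = 2q + 1."""
    rng = rng or random.SystemRandom()
    while True:
        # Odd q with the top bit set so that p = 2q + 1 has exactly `bits` bits.
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if miller_rabin(q, rng=rng) and miller_rabin(p, rng=rng):
            return p


if __name__ == "__main__":
    carmichael = 561  # constructed sample: 3 * 11 * 17
    print("Fermat base 2 says prime:", fermat_test(carmichael))      # True (wrong)
    print("Miller-Rabin says prime:", miller_rabin(carmichael))      # False
    print("findings for (561, 2):", validate_dh_modulus(carmichael, 2))
    p = generate_safe_prime(64, random.Random(1))  # seeded for a repeatable demo
    print("generated 64-bit safe prime:", p, "findings:", validate_dh_modulus(p, 2))
```

Run it once against whatever parameters are compiled in; an empty findings list is the bar a department-specific modulus should clear before it goes on the wire.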