Posted: Fri Mar 06, 2015 2:23 pm
by Malcolm
Posted: Fri Mar 06, 2015 5:55 pm
by GORDON
Microsoft is warning that all Windows operating systems are at risk from the vulnerability known as Freak, for "Factoring RSA-EXPORT Keys." The flaw exists in SSL, which is used to secure online communications, and could be abused by an attacker to force crypto suites to downgrade from using a "strong" RSA cipher to a weaker, "export-grade" RSA cipher.
A dollar says this was on purpose.
Posted: Fri Mar 06, 2015 5:59 pm
by Malcolm
GORDON wrote: Microsoft is warning that all Windows operating systems are at risk from the vulnerability known as Freak, for "Factoring RSA-EXPORT Keys." The flaw exists in SSL, which is used to secure online communications, and could be abused by an attacker to force crypto suites to downgrade from using a "strong" RSA cipher to a weaker, "export-grade" RSA cipher.
A dollar says this was on purpose.
FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. export regulations.
...
While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.
Yep. Heard about those regs years ago when I was still an undergrad. Fortunately SSL is open source, so someone will fix it very soon.
Edited By Malcolm on 1425682952