New research on Diffie-Hellman in TLS. The 'LogJam' attack, a new active attack on export DHE. http://on.wsj.com/1cNQZVh http://weakdh.org
@matthew_d_green From the linked text it sounds like 1024-bit is affected too (passive listening by NSA). Is that incorrect?
@RichFelker The ability to passively eavesdrop on 1024 is just conjecture. It seems feasible for the NSA and consistent w the Snowden docs.
@matthew_d_green Modern ssh servers seem to use diffie-hellman-group14-sha1 (support is mandatory per RFC4253) which is 2048-bit.
@matthew_d_green My understanding is that TLS DH does not provide forward secrecy anyway and should not be used at all; is this right?
@richfelker @matthew_d_green DHE_* ciphers provide forward secrecy, DH_* do not and require a special type of certificate.
@davidcadrian @matthew_d_green Thanks. So are the HTTPS sites at risk using <=1024-bit-p DHE?