SUSE CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...

Insufficient Key Length

puppet uses 1024-bit keys for their CA certificate by default, which according to GlobalSign, is insufficiently secure since 2014...

Unjam the logjam

Security Unjam the logjam Share June 9th, 2015 When a browser and website communicate over a secure connection, they encrypt and decrypt the data using a shared symmetric encryption key; the same key is used for encryption and decryption. In order for the browser and server to make sure they use...

More 1024-Bit Certificates to Be Deprecated in Firefox

When Mozilla released Firefox 32 last week, the company removed several root certificates from the trust store for the browser. The move wasn’t because the certificates were fraudulent or the CAs that issued them were compromised, but because the certificates use 1024-bit keys. This is the first...