The RFC 5114 saga

Back in January I posed a question "to the Internet": What the heck is RFC 5114? It looks like a lot happened since then around it. I would like to use this post to recollect some of the stuff around RFC5114 . Chapter 0: October 2007 RFC5114 draft was submitted to the IETF . Chapter I: January 20...

OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Usual Mandatory Disclaimer: IANAC I am not a cryptographer so I might likely end up writing a bunch of mistakes in this blog post... tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL...

Internet Bug Bounty: OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Full write up: http://intothesymmetry.blogspot.ch/2016/01/openssl-key-recovery-attack-on-dh-small.html DH small subgroups CVE-2016-0701 ================================== Severity: High Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently in version...

What the heck is RFC 5114?

Mandatory Disclaimer: IANAC I am not a cryptographer so I might likely end up writing a bunch of mistakes in this blog post... I already talked about Diffie–Hellman DH from now on in TLS in my previous post: Small subgroup attack in Mozilla NSS. As mentioned FWIW I strongly agree with Google Chro...