Crypto flaw was so glaring it may be intentional eavesdropping backdoor
"Socat is a more feature-rich variant of the once widely used Netcat networking service for fixing bugs in network applications and for finding and exploiting security vulnerabilities. One of its features allows data to be transmitted through an encrypted channel to prevent it from being intercepted by people monitoring the traffic. Amazingly, when using the Diffie-Hellman method to establish a cryptographic key, Socat used a non-prime parameter to negotiate the key, an omission that violates one of the most basic cryptographic principles." -- source: http://arstechnica.com/security/2016/02/crypto-flaw-was-so-glaring-it-may-be... Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/
WOW. -- Securely sent with Tutanota. It's good, you should try it: https://tutanota.com 3. Feb 2016 12:04 by fracpete(a)waikato.ac.nz:
"Socat is a more feature-rich variant of the once widely used Netcat networking service for fixing bugs in network applications and for finding and exploiting security vulnerabilities. One of its features allows data to be transmitted through an encrypted channel to prevent it from being intercepted by people monitoring the traffic. Amazingly, when using the Diffie-Hellman method to establish a cryptographic key, Socat used a non-prime parameter to negotiate the key, an omission that violates one of the most basic cryptographic principles."
-- source: > http://arstechnica.com/security/2016/02/crypto-flaw-was-so-glaring-it-may-be...
Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete http://www.data-mining.co.nz _______________________________________________ wlug mailing list | > wlug(a)list.waikato.ac.nz Unsubscribe: > http://list.waikato.ac.nz/mailman/listinfo/wlug
participants (2)
-
Eric Light -
Peter Reutemann