Full Disclosure mailing list archives
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ?
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 15 Apr 2014 21:20:11 +0200
On Tue, 15 Apr 2014 17:06:13 +0300 Georgi Guninski <guninski () guninski com> wrote:
> openssl accepts DSA (and probably DH) keys with g=1 (or g= -1). Both are extremely weak, in practice plaintext.

openssl also accepts 15 as a prime for DH. I recently looked at this:
http://blog.hboeck.de/archives/841-Diffie-Hellman-and-TLS-with-nonsense-parameters.html

--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno () hboeck de
GPG: BBB51E42
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
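A parameter check of the kind this thread asks about, as an added example (not code from the post or from OpenSSL): it rejects a non-prime modulus such as 15 and a generator of 0 or ±1, and shows on a constructed toy prime (23) how few values such a generator can produce. The function names are hypothetical.

```python
import random

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def check_dh_params(p, g):
    """Return the reasons to reject (p, g); an empty list means none found."""
    if p < 3 or p % 2 == 0 or not is_probable_prime(p):
        return ["p is not an odd prime"]
    problems = []
    if g % p in (0, 1, p - 1):  # g = -1 is the same as p - 1 mod p
        problems.append("g is 0 or +/-1 mod p")
    return problems

def reachable_values(p, g):
    """Every value g^x mod p can take (brute force, toy-sized p only)."""
    return {pow(g, x, p) for x in range(1, p)}

if __name__ == "__main__":
    # Constructed sample parameters: 15 is the composite from the post, 23 a toy prime.
    for p, g in [(15, 2), (23, 1), (23, -1), (23, 5)]:
        print(p, g, check_dh_params(p, g) or "no objection")
    print(reachable_values(23, 1), reachable_values(23, 22))
```

This only covers the two conditions raised in the thread; it does not check key size or the order of the subgroup that g generates.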