[Cryptech Tech] News

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Feb 3 00:54:36 UTC 2016

Previous message (by thread): [Cryptech Tech] News
Next message (by thread): [Cryptech Tech] News
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Russ Housley <housley at vigilsec.com> writes:

>I thought people on this list would find this article interesting:
>http://arstechnica.com/security/2016/02/crypto-flaw-was-so-glaring-it-may-be-intentional-eavesdropping-backdoor/

If you read the discussion around that it's far more likely to be due to
incompetence.  The flawed 1024-bit prime was replacing the 512-bit prime that
had been in use until then, and the guy who made the change was asking for
help with various other things which indicated he wasn't the most capable
developer (I don't have the links any more but it was linked off a thread on
ycombinator).  It just looks like standard badly-done crypto, they also do
things like tell you how to set up the SSL tunnel without any mention of
validating certs so it's unlikely they check those, and various other signs
that they're not doing the crypto too well.

Peter.

Previous message (by thread): [Cryptech Tech] News
Next message (by thread): [Cryptech Tech] News
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list