[Ach] this just happened: On the Practical Exploitability of Dual EC in TLS Implementations
ianG
iang at iang.org
Wed Apr 2 01:05:57 CEST 2014
On 31/03/2014 19:05 pm, Aaron Zauner wrote:
> http://dualec.org/
> http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331
http://dualec.org/DualECTLS.pdf
On DSA, is there any more powerful advert for total deprecation:
When a TLS server uses DSA or ECDSA to sign its DH/ECDH public key,
a single known nonce reveals the long-lived signing key which enables
future active attacks. Our attacks reveal the inner state of Dual EC
which generates the nonces and we have successfully recovered the
long-term signing keys.
I have to hand it to the team, they really went to town on this one.
iang
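The key-recovery step the quoted abstract describes, as an added example that is not from the paper or the post: textbook ECDSA over NIST P-256 in pure Python, where one signature (r, s) on a message hash z plus its nonce k yields the long-term private key d as d = (s*k - z) * r^-1 mod n. The server key, the leaked nonce and the signed message are constructed values; in the paper's setting the nonce is obtained by reconstructing the Dual EC state that produced it.

```python
import hashlib

# NIST P-256 domain parameters (the curve most TLS ECDSA certificates use).
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a, b = p - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(P, Q):  # affine point addition; None is the point at infinity
    if P is None or Q is None:
        return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p)
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P):  # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P, k = ec_add(P, P), k >> 1
    return R

def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def ecdsa_sign(d, msg, k):  # textbook ECDSA; the nonce k is the DRBG's output
    r = ec_mul(k, G)[0] % n
    return r, pow(k, -1, n) * (hash_to_int(msg) + r * d) % n

def recover_key(msg, sig, k):
    # s = k^-1 (z + r d) mod n  =>  d = (s k - z) r^-1 mod n: one known nonce gives d
    r, s = sig
    return (s * k - hash_to_int(msg)) * pow(r, -1, n) % n

# Constructed demo values: a throwaway server signing key, the nonce the attacker
# has learned, and the kind of message a TLS server signs in ServerKeyExchange.
d_server = 0x1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f61
k_leaked = 0x0badc0ffee0ddf00d0badc0ffee0ddf00d0badc0ffee0ddf00d0badc0ffee0dd
msg = b"ServerKeyExchange: client_random || server_random || ECDH params"
sig = ecdsa_sign(d_server, msg, k_leaked)
assert recover_key(msg, sig, k_leaked) == d_server
```

Recovery needs only r, s, z and k, none of which involve the curve, so any nonce source an adversary can predict (here a backdoored DRBG) gives up the signing key after a single signature. RFC 6979 derives k deterministically from the private key and the message, which removes the nonce's dependence on the DRBG entirely.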