[Ach] New study on Forward Secrecy

Aaron Zauner azet at azet.org
Wed Dec 31 17:54:10 CET 2014


* Kurt Roeckx <kurt at roeckx.be> [31/12/2014 00:44:10] wrote:
> On Wed, Dec 31, 2014 at 12:37:13AM +0100, Hanno Böck wrote:
> > Hi,
> > 
> > On Tue, 30 Dec 2014 18:25:44 +0100
> > Aaron Zauner <azet at azet.org> wrote:
> > 
> > > Forward secrecy guarantees that eavesdroppers simply
> > > cannot reveal secret data of past communications. While
> > > many TLS servers have deployed the ephemeral Diffie-Hellman
> > > (DHE) key exchange to support forward secrecy, most sites use
> > > weak DH parameters resulting in a false sense of security. In
> > > our study, we surveyed a total of 473,802 TLS servers and
> > > found that 82.9% of the DHE-enabled servers were using weak
> > > DH parameters. Furthermore, given current parameter and
> > 
> > There should be something said about these numbers: They were from
> > January 2014. Apache only added support for > 1024 bit in November 2013.
> > I assume it's likely much higher now, although probably still in a bad
> > state.
> > 
> > I was highly confused by the fact they claim that only 14 servers
> > supported 4096 bit DH. That'd mean that I would run a significant
> > portion of those.
> 
> For recent stats see:
> https://lists.fedoraproject.org/pipermail/security/2014-December/002050.html
> 

So - yea. About 44% use 1024-bit DH params, which is too little. Only
5% use 2048-bit params - 7% use 512(!)-bit params. For lack of better
words: this is fucked up.

Aaron