[Ach] [cryptography] new OpenSSL exploitable bug?

Jeffrey Walton noloader at gmail.com
Fri Jun 6 05:22:39 CEST 2014

On Thu, Jun 5, 2014 at 8:17 AM, ianG <iang at iang.org> wrote:
> Another in the rash of weaknesses.  This might mean that the fabled many
> eyeballs have opened up?
> https://www.openssl.org/news/secadv_20140605.txt
> An attacker using a carefully crafted handshake can force the use of
> weak keying material in OpenSSL SSL/TLS clients and servers. This can be
> exploited by a Man-in-the-middle (MITM) attack where the attacker can
> decrypt and  modify traffic from the attacked client and server.

For others interested in how this affects key bits, Rich Salz pointed
to Adam Langley's write-up at
https://www.imperialviolet.org/2014/06/05/earlyccs.html. It's the best
write-up I have seen.
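
The key-bits point in Langley's write-up linked above is that an injected early ChangeCipherSpec makes OpenSSL derive the session keys from an empty (zero-length) pre-master secret, so the master secret and key block depend only on the two Hello randoms, which an eavesdropper has already seen. The following is an added example, not code from the original post, from OpenSSL, or from Langley; it implements the TLS 1.2 PRF from RFC 5246 section 5 with SHA-256 and shows that a MITM who saw both randoms can reproduce the victim's key block exactly when the pre-master secret is empty, and cannot when it is a real 48-byte secret. The function names, the 32-byte randoms and the 40-byte key block length (assumed here for TLS_AES_128_GCM_SHA256: two 16-byte keys plus two 4-byte implicit IVs) are constructed for the demonstration.

```python
import hashlib
import hmac
import os


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """P_hash from RFC 5246 section 5: HMAC chained over A(i) and the seed."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed) (RFC 5246 section 5)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: 48-byte master secret from the pre-master secret."""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """RFC 5246 section 6.3: note the randoms are in server-then-client order here."""
    return tls12_prf(master, b"key expansion", server_random + client_random, length)


# Assumed key block length for TLS_AES_128_GCM_SHA256: 2 keys * 16 + 2 implicit IVs * 4.
KEY_BLOCK_LEN = 40


def session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Full derivation: pre-master secret -> master secret -> key block."""
    ms = master_secret(pre_master, client_random, server_random)
    return key_block(ms, client_random, server_random, KEY_BLOCK_LEN)


def mitm_recovers_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> bool:
    """Model the attacker: they know both Hello randoms (sent in the clear) but
    not the real pre-master secret, so the best they can do is assume it is
    empty, which is exactly what the early-CCS bug forces the victim to use."""
    victim = session_keys(pre_master, client_random, server_random)
    attacker = session_keys(b"", client_random, server_random)
    return hmac.compare_digest(victim, attacker)


# Constructed sample randoms (a real handshake uses 32 random bytes from each side).
CLIENT_RANDOM = bytes(range(0, 32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    # Vulnerable peer: early CCS forced an empty pre-master secret.
    print("empty pre-master, MITM reproduces keys:",
          mitm_recovers_keys(b"", CLIENT_RANDOM, SERVER_RANDOM))
    # Healthy handshake: 48-byte pre-master secret the attacker never sees.
    print("real pre-master, MITM reproduces keys: ",
          mitm_recovers_keys(os.urandom(48), CLIENT_RANDOM, SERVER_RANDOM))
```

The point the code makes concrete is that nothing in the PRF chain adds entropy: once the pre-master secret is empty, every bit of the key block is a public function of the two randoms, which is why the advisory describes the result as weak keying material rather than a brute-force problem.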

