[Ach] New study on Forward Secrecy

Kurt Roeckx kurt at roeckx.be
Wed Dec 31 00:43:46 CET 2014


On Wed, Dec 31, 2014 at 12:37:13AM +0100, Hanno Böck wrote:
> Hi,
> 
> On Tue, 30 Dec 2014 18:25:44 +0100
> Aaron Zauner <azet at azet.org> wrote:
> 
> > Forward secrecy guarantees that eavesdroppers simply
> > cannot reveal secret data of past communications. While
> > many TLS servers have deployed the ephemeral Diffie-Hellman
> > (DHE) key exchange to support forward secrecy, most sites use
> > weak DH parameters resulting in a false sense of security. In
> > our study, we surveyed a total of 473,802 TLS servers and
> > found that 82.9% of the DHE-enabled servers were using weak
> > DH parameters. Furthermore, given current parameter and
> 
> There should be something said about these numbers: they were from
> January 2014. Apache only added support for > 1024 bit in November 2013.
> I assume it's likely much higher now, although probably still in a bad
> state.
> 
> I was highly confused by the fact they claim that only 14 servers
> supported 4096 bit DH. That'd mean that I would run a significant
> portion of those.

For recent stats see:
https://lists.fedoraproject.org/pipermail/security/2014-December/002050.html


Kurt
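The quoted abstract is about the size of the DH group a server actually sends in its DHE ServerKeyExchange, which is what the study and the linked stats count. Below is an added, constructed example (not code from the study, the Ach list, or any TLS library) that parses the ServerDHParams structure from a TLS 1.2 ServerKeyExchange (RFC 5246, section 7.4.3), reports the effective bit length of p (leading zero bytes in the encoding do not count), and flags groups below a 2048-bit threshold as weak. The function names, the 2048-bit cut-off and the sample p/g/Ys values are all assumptions for illustration; the sample moduli are not primes and are only there to exercise the parser.

```python
"""Parse ServerDHParams from a TLS 1.2 DHE ServerKeyExchange and grade the group size.

Constructed example: not code from the Ach list, the DH-parameter study, or any
TLS implementation.  Function names and the 2048-bit threshold are assumptions.
"""
import struct

HANDSHAKE_SERVER_KEY_EXCHANGE = 12   # HandshakeType server_key_exchange (RFC 5246)
WEAK_DH_BITS = 2048                  # assumption: groups below this are reported as weak


def _vec16(b: bytes) -> bytes:
    """opaque <1..2^16-1>: two-byte big-endian length prefix plus payload."""
    return struct.pack("!H", len(b)) + b


def build_server_key_exchange(p: int, g: int, ys: int, signature: bytes = b"") -> bytes:
    """Build a DHE ServerKeyExchange handshake message (signature left opaque).

    Used here only to construct test input; a real capture would come off the wire.
    """
    p_len = (p.bit_length() + 7) // 8
    body = (_vec16(p.to_bytes(p_len, "big"))
            + _vec16(g.to_bytes((g.bit_length() + 7) // 8, "big"))
            + _vec16(ys.to_bytes(p_len, "big"))
            + signature)
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def _read_vec16(buf: bytes, off: int):
    """Read one length-prefixed vector, refusing to run past the buffer."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated vector")
    return buf[off:off + n], off + n


def parse_server_dh_params(msg: bytes) -> dict:
    """Return p, g, Ys and the effective bit length of p from a ServerKeyExchange."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("handshake length does not match payload")
    p_raw, off = _read_vec16(body, 0)
    g_raw, off = _read_vec16(body, off)
    ys_raw, off = _read_vec16(body, off)
    p = int.from_bytes(p_raw, "big")
    # bit_length() ignores leading zero bytes, so a 1024-bit p padded to 129
    # bytes is still graded as 1024 bits rather than 1032.
    return {
        "p": p,
        "g": int.from_bytes(g_raw, "big"),
        "ys": int.from_bytes(ys_raw, "big"),
        "p_bits": p.bit_length(),
        "encoded_p_bytes": len(p_raw),
    }


def assess_dh(msg: bytes) -> dict:
    """Grade the group: 'weak' below WEAK_DH_BITS, 'suspect' on malformed values, else 'ok'."""
    params = parse_server_dh_params(msg)
    p, g, ys, bits = params["p"], params["g"], params["ys"], params["p_bits"]
    issues = []
    if p % 2 == 0:
        issues.append("p is even")
    if g < 2:
        issues.append("g < 2")
    if not 2 <= ys <= p - 2:
        issues.append("Ys outside [2, p-2]")
    if bits < WEAK_DH_BITS:
        verdict = "weak"
    elif issues:
        verdict = "suspect"
    else:
        verdict = "ok"
    return {"p_bits": bits, "verdict": verdict, "issues": issues}


if __name__ == "__main__":
    # Constructed sample values: odd numbers with the top bit set, NOT real primes.
    weak_msg = build_server_key_exchange((1 << 1023) | 1, 2, (1 << 1000) + 3)
    ok_msg = build_server_key_exchange((1 << 2047) | 1, 2, (1 << 1000) + 3)
    for label, m in (("1024-bit group", weak_msg), ("2048-bit group", ok_msg)):
        print(label, assess_dh(m))
```

To grade a live server, capture the ServerKeyExchange from a DHE handshake (for example with a packet capture) and feed the handshake message bytes to assess_dh; the parser stops at the three DH vectors and does not try to verify the trailing signature.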



