[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?
From: Hanno Böck <hanno@xxxxxxxxx>
Date: Tue, 15 Apr 2014 21:20:11 +0200

On Tue, 15 Apr 2014 17:06:13 +0300
Georgi Guninski <guninski@xxxxxxxxxxxx> wrote:

> openssl accepts DSA (and probably DH) keys with
> g=1 (or g= -1). Both are extremely weak, in
> practice plaintext.

openssl also accepts 15 as a prime for DH. I recently looked at this:
http://blog.hboeck.de/archives/841-Diffie-Hellman-and-TLS-with-nonsense-parameters.html

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@xxxxxxxxx
GPG: BBB51E42

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?
  - From: Georgi Guninski

References:
- [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?
  - From: Georgi Guninski

Prev by Date: Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
Next by Date: Re: [FD] Auditing systems for vulnerable 3rd-party OpenSSL
Previous by thread: [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?
Next by thread: Re: [FD] Should openssl accept weak DSA/DH keys with g = +/- 1 ?
Index(es):
- Date
- Thread