Precious Metals Forum

10-20-2015, 08:59 AM   #1
PMBug
Protect Yourself from NSA Attacks on 1024-bit DH

Quote :
In a post on Wednesday, researchers Alex Halderman and Nadia Heninger presented compelling research suggesting that the NSA has developed the capability to decrypt a large number of HTTPS, SSH, and VPN connections using an attack on common implementations of the Diffie-Hellman key exchange algorithm with 1024-bit primes. Earlier in the year, they were part of a research group that published a study of the Logjam attack, which leveraged overlooked and outdated code to enforce "export-grade" (downgraded, 512-bit) parameters for Diffie-Hellman. By performing a cost analysis of the algorithm with stronger 1024-bit parameters and comparing that with what we know of the NSA "black budget" (and reading between the lines of several leaked documents about NSA interception capabilities) they concluded that it's likely NSA has been breaking 1024-bit Diffie-Hellman for some time now.

The good news is, in the time since this research was originally published, the major browser vendors (IE, Chrome, and Firefox) have removed support for 512-bit Diffie-Hellman, addressing the biggest vulnerability. However, 1024-bit Diffie-Hellman remains supported for the foreseeable future despite its vulnerability to NSA surveillance. In this post, we present some practical tips to protect yourself from the surveillance machine, whether you're using a web browser, an SSH client, or VPN software.
...
More: https://www.eff.org/deeplinks/2015/1...ks-1024-bit-DH

When you browse the web and visit any website with a "secure" connection, like, say, your bank or any commercial site like Amazon, you will be connected with an SSL connection. The web address will show as https://... The article is saying that the cryptography underlying some implementations for that connection is compromised and has been for some time. Click the link and the article gives you some pretty simple steps to disable the vulnerability from your browser. It doesn't disable your ability to use SSL or secure connections; it just ensures that when you do, it's really secure and not using a compromised routine.

Fixing my Firefox browser literally took me less than 30 seconds.

__________________
The journey of a thousand miles begins with a single step. - Lao Tzu

Important stuff: PMBug 101 * Forum Guidelines * Support PMBug
10-24-2015, 06:10 PM   #2
mmerlinn
When I did as the linked document instructed, I got a list showing the two ".DHE_" files, plus 10 more ".DHE_" files. I disabled the 2, but left the other 10 as is. Anyone know if I should disable them, too?
__________________
If you keep doing what you are doing, You will keep getting what you are getting.
If you don't like what you are getting, You must change what you are doing.


http://mmerlinn.com

GOLD is the money of KINGS.
SILVER is the money of GENTLEMEN.
BARTER is the money of PEASANTS.
DEBT is the money of SLAVES.
- Norm Franz
10-24-2015, 08:26 PM   #3
PMBug
Only disable the 2 mentioned. That will disable the problematic 1024 DH routines.
All times are GMT -5.