Crytical crypto bug in Linux

Post Reply
virtual_master
Posts: 541
Joined: Mon May 20, 2013 12:03 pm
Contact:

Crytical crypto bug in Linux

Post by virtual_master »

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping:
http://arstechnica.com/security/2014/03 ... sdropping/
How does it affect .bit SSL/TLS support ?
http://namecoinia.org/
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S

khal
Site Admin
Posts: 708
Joined: Mon May 09, 2011 5:09 pm
os: linux

Re: Crytical crypto bug in Linux

Post by khal »

From http://www.coindesk.com/serious-linux-f ... sdropping/ :
Explained Garzik:

“The gnuTLS bug is pretty bad, but very few use gnuTLS in the bitcoin community. OpenSSL is standard.”

Garzik indicated that the use of OpenSSL mitigates a fork risk that is present when using other competing libraries for key software, such as gnuTLS.

He also stated that projects using OpenSSL, Mozilla NSS, Crypto++ or another crypto library are not impacted by the bug.
Namecoin uses crypto++.
Convergence/FreeSpeechMe uses firefox' libs (NSS).


Other than that, we are affected the same way with server daemons using gnuTLS (apache, php, etc).
=> Namecoin servers have been updated.
NamecoinID: id/khal
GPG : 9CC5B92E965D69A9
NMC: N1KHAL5C1CRzy58NdJwp1tbLze3XrkFxx9
BTC: 1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T

Register Namecoin domains with BTC
My bitcoin Identity - Send messages to bitcoin users
Charity Ad - Make a good deed without paying a cent

virtual_master
Posts: 541
Joined: Mon May 20, 2013 12:03 pm
Contact:

Re: Crytical crypto bug in Linux

Post by virtual_master »

khal wrote:From http://www.coindesk.com/serious-linux-f ... sdropping/ :
Explained Garzik:

“The gnuTLS bug is pretty bad, but very few use gnuTLS in the bitcoin community. OpenSSL is standard.”

Garzik indicated that the use of OpenSSL mitigates a fork risk that is present when using other competing libraries for key software, such as gnuTLS.

He also stated that projects using OpenSSL, Mozilla NSS, Crypto++ or another crypto library are not impacted by the bug.
Namecoin uses crypto++.
Convergence/FreeSpeechMe uses firefox' libs (NSS).


Other than that, we are affected the same way with server daemons using gnuTLS (apache, php, etc).
=> Namecoin servers have been updated.
Yeah.
Good to know also:
Ankur Nandwani, a developer at Bitmonet, suggested hosted wallet users and the users of bitcoin exchanges would be most affected, but stated that there are easy protections to prevent issues.

“In both cases, an attacker can sniff users credentials, when users are trying to log-in to their account. To reduce the probability of online wallets and exchange credentials from being compromised, it is really important that everyone use two-factor authentication.”

Nandwani said that the bug is evidence that bitcoin users should reduce their reliance on online wallets and exchanges.
http://namecoinia.org/
Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba | NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S

Post Reply