LogJam TLS vulnerability

Post Reply
cassini
Posts: 335
Joined: Sun May 26, 2013 6:36 pm

LogJam TLS vulnerability

Post by cassini » Thu May 21, 2015 10:41 pm

Lots of TLS-related services affected. Browsers, servers, VPNs, SSH, mail clients, etc.
see https://weakdh.org/
In-depth analysis: https://weakdh.org/imperfect-forward-secrecy.pdf
Instructions for admins: https://weakdh.org/sysadmin.html

phelix
Posts: 1631
Joined: Thu Aug 18, 2011 6:59 am

Re: LogJam TLS vulnerability

Post by phelix » Fri May 22, 2015 2:24 pm

The NSA is such a pain. I wonder how much more of the world's time, money and mental health they want to waste.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

biolizard89
Posts: 1979
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: LogJam TLS vulnerability

Post by biolizard89 » Fri May 22, 2015 10:47 pm

It's hard to blame this one on the NSA directly. All affected servers had already been getting an F on SSLLabs for ages. Fun fact, my university's service that lets you see your grades is affected. (OU's IT people are beyond incompetent. Someone should sue them for endangering student record privacy.)
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply