On Thu, Jun 5, 2014 at 8:17 AM, ianG <i...@iang.org> wrote:
> Another in the rash of weaknesses. This might mean that the fabled many
> eyeballs have opened up?
>
> https://www.openssl.org/news/secadv_20140605.txt
>
> An attacker using a carefully crafted handshake can force the use of
> weak keying material in OpenSSL SSL/TLS clients and servers. This can be
> exploited by a Man-in-the-middle (MITM) attack where the attacker can
> decrypt and modify traffic from the attacked client and server.
>
For others interested in how this affects key bits, Rich Salz pointed to Adam Langley's write-up at https://www.imperialviolet.org/2014/06/05/earlyccs.html. It's the best write-up I have seen.

Jeff