FREAK encryption flaw leaves millions of Apple & Android users exposed

M

MSTeacher

Member
Jun 19, 2010
2,076
73
48
http://rt.com/news/237445-freak-encryption-security-flaw/

As if nuthugging black jeans weren't bad enough to haunt us from the 80s there's this too :(

Tech firms are rushing to fix a disastrous security flaw dubbed ‘FREAK’, stemming from the US government’s requirement of lower encryption standards, that for over a decade left millions of users visiting 'secured' websites exposed to potential attacks.
Click to expand...

Researchers found that some 36 percent of websites that use SSL or TLS protocols, including government ones, are vulnerable and could be tricked into setting up a connection through weak encryption keys, also known as the export-grade key or 512-bit RSA keys – the design was approved by the US government for export overseas some three decades ago.

“The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today,” cryptographer Matthew Green of Johns Hopkins University wrote in a blog explaining the threat of the attack.
Click to expand...

Security experts also compiled a list of vulnerable websites that included those such as AmericanExpress.com, NSA.gov, and FBI.gov.
Click to expand...
 


imagine that. how "bad" could it have been if it took over 30 years to find?
 
Who uses 512 bit keys? Is that even possible? I don't think OpenSSL even has an option to generate 512 bit keys any more. Options are 1024 - 8192 bit, isn't it?
 
You must log in or register to reply here.
Top Bottom