
Bug#780398: 1024 bit DH in Wheezy's Apache is Insecure



tags 780398 + security
severity 780398 important
thanks

New research was released yesterday that estimates the cost of
breaking a commonly-used 1024 bit Diffie-Hellman group to be alarmingly
low, and within the reach of state-level adversaries[1].  Specifically,
an adversary can do pre-computation with a particular DH group, and once
that's done, can cheaply and passively decrypt any TLS connection that
used that DH group.  Furthermore, the researchers have conjectured,
based on leaked documents, that the NSA already has this capability,
and is using it to decrypt Internet communications.

Since Apache in Wheezy uses a fixed, commonly-used 1024 bit DH group,
anyone using DH ciphersuites in Apache in Wheezy is at risk of
passive decryption of their traffic.  I believe this to be a security
issue, and the patch to enable larger/custom DH parameters should be
backported to Wheezy.

Thanks,
Andrew

[1] https://weakdh.org/ (you can ignore the first part about 512 bit
export ciphersuites, as that attack doesn't apply to Debian)

