Red Hat Security Blog: January 2016 archives

  • Primes, parameters and moduli

    First a brief history of Diffie-Hellman for those not familiar with it The short version of Diffie-Hellman is that two parties (Alice and Bob) want to share a secret so they can encrypt their communications and talk securely without an eavesdropper (Eve) listening in. So Alice and Bob first share a public prime number and modulus (which Eve can see). Alice and Bob then each choose a large random number (referred to as their private key) and apply some modular arithmetic using the shared prime...
    Posted 2016-01-20T12:00:00+00:00 - 0
  • The SLOTH attack and IKE/IPsec

    Executive Summary: The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack. But the attack is still interesting to look at . The SLOTH attack released today is a new transcript collision attack against some security protocols that use weak or broken hashes such as MD5 or SHA1. While it mostly focuses on the issues found in TLS, it also mentions weaknesses in the "Internet Key Exchange" (IKE) protocol used for IPsec VPNs. While the TLS findings are very...
    Posted 2016-01-15T12:00:00+00:00 - 0