[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#31946: 27.0.50; The NSM should warn about more TLS problems

From: Noam Postavsky
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Wed, 27 Jun 2018 20:14:42 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Jimmy Yuen Ho Wong <address@hidden> writes:

> Tidbit: The GnuTLS basically ignored a group of Adobe researchers when they
> reported to them GnuTLS was susceptible to the small group
> attack[7]...

> [7]: https://eprint.iacr.org/2016/995.pdf

I guess the report is here (the reporter, Luke Valenta, is the first
author of the paper): https://gitlab.com/gnutls/gnutls/issues/104

The paper just says "didn't patch", but looking in the details of the
report, Luke says:

    From a client's perspective, the TLS protocol limitation does
    prevent "q" from being specified. However, since a server knows the
    value of "q", it should be perform proper subgroup validation checks
    as a precaution against small subgroup attacks[...]

    I agree that since the server does not reuse ephemeral DH keys, it
    is not currently vulnerable to a small subgroup attack.

So, the client side can't be patched, and the server side doesn't really
need to be patched (just leave the "reuse ephemeral key" option turned

Furthermore, it seems gnutls has added support for standardized primes,
so that pretty much resolves the issue as much as it can be:


reply via email to

[Prev in Thread] Current Thread [Next in Thread]