Slashdot Mirror

← Back to Stories (view on slashdot.org)

Socat Weak Crypto Draws Suspicions Of a Backdoor (threatpost.com)

Posted by timothy on from the giving-away-our-best-tricks dept.

msm1267 writes: Socat is the latest open source tool to come under suspicion that it is backdoored. A security advisory published Monday warned that the OpenSSL address implementation in Socat contains a hard-coded Diffie-Hellman 1024-bit prime number that was not prime. "The effective cryptographic strength of a key exchange using these parameters was weaker than the one one could get by using a prime p," the advisory said. "Moreover, since there is no indication of how these parameters were chosen, the existence of a trapdoor that makes possible for an eavesdropper to recover the shared secret from a key exchange that uses them cannot be ruled out." Socat said it has generated a new prime that is 2048 bits long; versions 1.7.3.0 and 2.0.0-b8 are affected. The advisory adds that a temporary workaround would be to disable the Diffie-Hellman ciphers.

4 of 50 comments (clear)

  1. There seem to be a lot of these backdoors by Anonymous Coward · · Score: 2, Insightful

    Putting on my tin-foil hat, it almost seems like there is a coordinated program to backdoor security products, and attribute them to a 'mistake'. But that's just me being paranoid.

    1. Re:There seem to be a lot of these backdoors by gstoddart · · Score: 4, Insightful

      Putting on my tin-foil hat, it almost seems like there is a coordinated program to backdoor security products, and attribute them to a 'mistake'. But that's just me being paranoid.

      In fairness, intentionally weakening crypto requires as much understanding of it as doing it right.

      Screwing it up, however, can be done by any moron.

      Which happened here? Who the hell knows.

      --
      Lost at C:>. Found at C.
    2. Re:There seem to be a lot of these backdoors by Anonymous Coward · · Score: 2, Insightful

      > Which happened here? Who the hell knows.

      Oh please.

      You're probably trying to do the "it's just incompetence, not malice" thing.

      But after seeing this pattern over and over.. no, it reeks of manipulation.

      Any advanced malice is indistinguishable from incompetence.

  2. This cannot happen accidentally by JoshuaZ · · Score: 5, Insightful

    This cannot happen accidentally. We have for example versions of the Miller-Rabin test https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test which easily test primality if you believe the Riemann Hypothesis and other versions which unconditionally give such a high probability that one is more likely to have had a cosmic ray wreck your computing results than for the test to be erroneous. You can use for example this Javascript http://www.javascripter.net/math/primes/millerrabinprimalitytest.htm. There's no obvious way one would come up with a composite number unless one was deliberately trying. Hopefully there's enough of a record to note when this fake prime was put in.