Socat Weak Crypto Draws Suspicions Of a Backdoor (threatpost.com)
msm1267 writes: Socat is the latest open source tool to come under suspicion that it is backdoored. A security advisory published Monday warned that the OpenSSL address implementation in Socat contains a hard-coded Diffie-Hellman 1024-bit prime number that was not prime. "The effective cryptographic strength of a key exchange using these parameters was weaker than the one one could get by using a prime p," the advisory said. "Moreover, since there is no indication of how these parameters were chosen, the existence of a trapdoor that makes possible for an eavesdropper to recover the shared secret from a key exchange that uses them cannot be ruled out." Socat said it has generated a new prime that is 2048 bits long; versions 1.7.3.0 and 2.0.0-b8 are affected. The advisory adds that a temporary workaround would be to disable the Diffie-Hellman ciphers.
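The check the advisory describes (is the hard-coded modulus prime, and is it a safe prime) is easy to run against any Diffie-Hellman group. The script below is an added example, not socat's own code: it implements Miller-Rabin primality testing, a safe-prime check, and a small audit routine, and it exercises them on moduli constructed here for illustration (the Mersenne prime 2^127 - 1, safe primes found by search, their product, and the Carmichael number 561, which passes a naive Fermat test). Function names are my own.

```python
"""Audit Diffie-Hellman group parameters: is p prime, is it a safe prime,
is g usable. Added example, not socat code; the sample moduli are
constructed here for illustration."""
import random

# Trial-division primes; also the deterministic Miller-Rabin bases for small n.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
# Below this bound the bases 2..37 give a deterministic answer (Sorenson & Webster).
DETERMINISTIC_BOUND = 3_317_044_064_679_887_385_961_981
_RNG = random.SystemRandom()


def is_probable_prime(n, rounds=40):
    """Miller-Rabin: trial division, then fixed bases for small n or
    `rounds` random bases for large n. Composites are rejected with error
    probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    if n < DETERMINISTIC_BOUND:
        bases = SMALL_PRIMES
    else:
        bases = [_RNG.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True


def fermat_passes(n, base=2):
    """The weak test base**(n-1) == 1 (mod n). Carmichael numbers such as
    561 pass it for every coprime base, so it must not be used alone."""
    return pow(base, n - 1, n) == 1


def next_safe_prime(start):
    """Smallest p >= start with both p and (p-1)//2 prime (deterministic search)."""
    p = start | 1
    while not (is_probable_prime(p) and is_probable_prime((p - 1) // 2)):
        p += 2
    return p


def audit_dh_group(p, g):
    """Checks a DH modulus and generator should pass before being hard-coded.

    For a safe prime p = 2q + 1 every element other than 1 and p-1 has
    order q or 2q, so any g in that range is free of small-subgroup
    problems; for a non-safe prime the group may have small subgroups
    even when p is prime."""
    p_prime = is_probable_prime(p)
    safe = p_prime and is_probable_prime((p - 1) // 2)
    return {
        "bits": p.bit_length(),
        "prime": p_prime,
        "safe_prime": safe,
        "generator_ok": safe and 1 < g < p - 1,
    }


if __name__ == "__main__":
    mersenne = 2 ** 127 - 1                      # prime, but (p-1)/2 is divisible by 3
    print("2^127-1:", audit_dh_group(mersenne, 2))
    p1 = next_safe_prime(1 << 100)
    p2 = next_safe_prime(1 << 101)
    print("safe prime:", audit_dh_group(p1, 2))
    print("product of two primes:", audit_dh_group(p1 * p2, 2))
    print("561 Fermat / Miller-Rabin:", fermat_passes(561), is_probable_prime(561))
```

Running the audit on a non-prime modulus reports `prime: False`, which is exactly the condition the advisory found in socat's 1024-bit parameter; a prime that is not a safe prime (the Mersenne case above) reports `prime: True, safe_prime: False` and deserves a closer look at the subgroup structure before use. For PEM-encoded parameters, `openssl dhparam -check -in params.pem -noout` performs the equivalent validation.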
So the crypto "experts" repeatedly tell us not to roll our own crypto. So we use theirs instead. Then we find out that it's buggy as all fuck. Just look at OpenSSL, and the many security flaws it has been found to have. Now there's this flaw with this utility, plus the many other incidents lately.
Why the hell should we trust these people any longer? It's not like these bugs are obscure or justifiable in some way. I mean, these supposed "experts" are fucking up the most basic stuff! These are mistakes that we mere mortals would probably not have made had we, gasp, rolled our own crypto.
The lesson we should all learn from this is that when self-proclaimed "experts" tell us not to do something on our own, we should be extra cautious using whatever they're pushing us to use instead. It could very well be much, much worse than anything we'd create on our own.