Socat Weak Crypto Draws Suspicions Of a Backdoor (threatpost.com)

← Back to Stories (view on slashdot.org)

Socat Weak Crypto Draws Suspicions Of a Backdoor (threatpost.com)

Posted by timothy on Tuesday February 2, 2016 @09:24AM from the giving-away-our-best-tricks dept.

msm1267 writes: Socat is the latest open source tool to come under suspicion that it is backdoored. A security advisory published Monday warned that the OpenSSL address implementation in Socat contains a hard-coded Diffie-Hellman 1024-bit prime number that was not prime. "The effective cryptographic strength of a key exchange using these parameters was weaker than the one one could get by using a prime p," the advisory said. "Moreover, since there is no indication of how these parameters were chosen, the existence of a trapdoor that makes possible for an eavesdropper to recover the shared secret from a key exchange that uses them cannot be ruled out." Socat said it has generated a new prime that is 2048 bits long; versions 1.7.3.0 and 2.0.0-b8 are affected. The advisory adds that a temporary workaround would be to disable the Diffie-Hellman ciphers.

4 of 50 comments (clear)

Min score:

Reason:

Sort:

This cannot happen accidentally by JoshuaZ · 2016-02-02 09:33 · Score: 5, Insightful

This cannot happen accidentally. We have for example versions of the Miller-Rabin test https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test which easily test primality if you believe the Riemann Hypothesis and other versions which unconditionally give such a high probability that one is more likely to have had a cosmic ray wreck your computing results than for the test to be erroneous. You can use for example this Javascript http://www.javascripter.net/math/primes/millerrabinprimalitytest.htm. There's no obvious way one would come up with a composite number unless one was deliberately trying. Hopefully there's enough of a record to note when this fake prime was put in.
1. Re:This cannot happen accidentally by Anonymous Coward · 2016-02-02 09:37 · Score: 5, Funny
  
  This evening I'll reflect on your rant while performing the Miller-Coors test
2. Re:This cannot happen accidentally by JoshuaZ · 2016-02-02 09:43 · Score: 5, Informative
  
  Followup: acording to this thread https://news.ycombinator.com/item?id=11014175 the number in question fails at even being a pseudoprime for small bases, which means that even the most simple checks were not done. That thread also mentions the individual responsible for giving the "prime"- I'm not sure why he's not being grilled pretty heavily right now.
Re:There seem to be a lot of these backdoors by gstoddart · 2016-02-02 09:35 · Score: 4, Insightful

Putting on my tin-foil hat, it almost seems like there is a coordinated program to backdoor security products, and attribute them to a 'mistake'. But that's just me being paranoid.
In fairness, intentionally weakening crypto requires as much understanding of it as doing it right.
Screwing it up, however, can be done by any moron.
Which happened here? Who the hell knows.

--
Lost at C:>. Found at C.