tags 780398 + security
severity 780398 important
thanks

New research was released yesterday that estimates the cost of breaking a commonly-used 1024 bit Diffie-Hellman group to be alarmingly low, and within the reach of state-level adversaries[1]. Specifically, an adversary can do pre-computation with a particular DH group, and once that's done, can cheaply and passively decrypt any TLS connection that used that DH group. Furthermore, the researchers have conjectured, based on leaked documents, that the NSA already has this capability, and is using it to decrypt Internet communications.

Since Apache in Wheezy uses a fixed, commonly-used 1024 bit DH group, anyone using DH ciphersuites in Apache in Wheezy is at risk of passive decryption of their traffic. I believe this to be a security issue, and the patch to enable larger/custom DH parameters should be backported to Wheezy.

Thanks,
Andrew

[1] https://weakdh.org/ (you can ignore the first part about 512 bit export ciphersuites, as that attack doesn't apply to Debian)
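The report's mitigation is to stop relying on the fixed 1024 bit group and load larger, custom DH parameters. Before feeding a parameter file to a server, an operator wants to confirm that the prime inside it is actually large enough. The script below is an added example, not part of the bug report or of Debian's apache2 package: it parses a PEM "DH PARAMETERS" file (the PKCS#3 DER structure, a SEQUENCE of the prime p and the generator g), reports the bit length of p, and flags anything under 2048 bits. The encoder is included only so the example can build its own test inputs offline; the sample values it encodes are constructed integers of the right size, not real safe primes, and the 2048-bit threshold is this example's own policy choice.

```python
import base64
import re

# Policy threshold for this example: primes shorter than this are flagged as weak.
MIN_DH_BITS = 2048


# --- minimal DER encoder, used here only to construct sample inputs ---

def _der_length(n):
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value):
    """Encode a non-negative integer as DER INTEGER (leading 0x00 keeps it positive)."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_length(len(body)) + body


def encode_dh_params_pem(p, g):
    """Build a PEM 'DH PARAMETERS' block: SEQUENCE { prime INTEGER, base INTEGER }."""
    seq_body = _der_integer(p) + _der_integer(g)
    der = b"\x30" + _der_length(len(seq_body)) + seq_body
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines)
            + "\n-----END DH PARAMETERS-----\n")


# --- minimal DER decoder for the same structure ---

def _read_der_length(data, pos):
    """Return (length, position after the length field)."""
    first = data[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    return int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes


def _read_der_integer(data, pos):
    """Return (value, position after the INTEGER); rejects anything that is not an INTEGER."""
    if data[pos] != 0x02:
        raise ValueError("expected DER INTEGER at offset %d" % pos)
    length, pos = _read_der_length(data, pos + 1)
    value = int.from_bytes(data[pos:pos + length], "big", signed=True)
    return value, pos + length


def parse_dh_params_pem(pem_text):
    """Extract (p, g) from a PEM 'DH PARAMETERS' block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    if der[0] != 0x30:
        raise ValueError("expected DER SEQUENCE")
    _, pos = _read_der_length(der, 1)
    p, pos = _read_der_integer(der, pos)
    g, pos = _read_der_integer(der, pos)
    return p, g


def dh_prime_bits(pem_text):
    """Bit length of the prime modulus in the parameter file."""
    p, _ = parse_dh_params_pem(pem_text)
    return p.bit_length()


def assess_dh_params(pem_text):
    """Report the modulus size and whether it falls below MIN_DH_BITS."""
    bits = dh_prime_bits(pem_text)
    return {"bits": bits, "weak": bits < MIN_DH_BITS}


# Constructed sample inputs (not primes; they only have the right size for the parser).
SAMPLE_1024_PEM = encode_dh_params_pem(2 ** 1023 + 2 ** 512 + 1, 2)
SAMPLE_2048_PEM = encode_dh_params_pem(2 ** 2047 + 2 ** 1024 + 1, 2)

if __name__ == "__main__":
    for name, pem in (("1024-bit sample", SAMPLE_1024_PEM), ("2048-bit sample", SAMPLE_2048_PEM)):
        print(name, assess_dh_params(pem))
```

To use it on a real file, pass the contents of a parameter file such as one produced by `openssl dhparam -out dhparams.pem 2048` to `assess_dh_params`; a result with `"weak": True` means the file would leave the server in the same position as the fixed 1024 bit group the report describes.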