mersenneforum.org  

Old 2020-01-16, 19:19   #45
Dr Sardonicus
 

Also interesting is how Microsoft learned of the problem...
Old 2020-01-17, 02:23   #46
retina

Quote:
Originally Posted by retina
Apparently the final patch for 7 has a fix.

And also I read, the older versions of Windows don't support the ECC crypto so are not affected.
Correction: Older versions of the crypt32.dll do support ECC but don't support the custom parameters settings that this exploit needs. So the only versions of Windows that are affected are W10 and W10 Server.

And people using W10 are already not concerned about their privacy since MS already watches them, so those people shouldn't care about other agents also getting their data.
Old 2020-01-17, 13:34   #47
retina

Firefox uses its own certificate checking code, even on W10. So for browser users on W10 using FF you won't be vulnerable.

You can test your stuff here. If the page loads successfully then you have a problem. If you get an error similar to "improperly formatted DER-encoded message." then you are good to go.
Old 2020-01-17, 13:35   #48
xilman

Quote:
Originally Posted by retina
And people using W10 are already not concerned about their privacy since MS already watches them, so those people shouldn't care about other agents also getting their data.
Privacy is not binary.

Some entitities are more trustworthy than others. There is stuff of mine for which I have no qualms SWMBO accessing but would prefer not to be available to a global readership.
Old 2020-01-17, 22:39   #49
Stargate38
 

I'm glad they patched it, otherwise we would've been hacked and not know about it until it was too late.

@retina: I use Pale Moon. For me, the security error is "SEC_ERROR_BAD_DER", so I should be OK security-wise.

Last fiddled with by Stargate38 on 2020-01-17 at 22:40 Reason: insert browser
Old 2020-01-18, 17:27   #50
chris2be8
 

Konqueror said:
Code:
The server failed the authenticity check (chainoffools.wouaib.ch).

The certificate is not signed by any trusted certificate authority

Which would put me on my guard if I was trying to connect to anywhere important.

Chris
Old 2020-01-23, 10:52   #51
LaurV

Quote:
Originally Posted by xilman
Privacy is not binary.

Some entitities (sic)...
You sure didn't mean boolean? About the last one, we really have some hard time trying to read it
Old 2020-02-11, 23:37   #52
xilman

https://www.bbc.com/news/world-europe-51467536

though David Kahn (IIRC) reported a similar situation in his The Codebreakers which was published around 50 years ago.

All times are UTC.


Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.