Tag Archives: diffie

The 2015 Turing Award goes to Whitfield Diffie and Martin E. Hellman

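I saw in The New York Times that this year's Turing Award went to Whitfield Diffie and Martin E. Hellman: "Cryptography Pioneers Win Turing Award". The corresponding write-up is also available on the official Turing Award site. Diffie–Hellman key exchange was the world's first algorithm (1976) for establishing a shared secret over a public channel. It is still widely used today and defends against passive eavesdropping attacks: The Diffie–Hellman key exchange method allows two parties that have no prior …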

Posted in Computer, Murmuring, Network, Science, Security

Attackers always pick the weakest link: the NSA's attack on DH

"How is NSA breaking so much crypto?" mentions that a 2012 article described the NSA as being able to decrypt part of encrypted communications, and the material Snowden later provided confirmed this: In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to …

Posted in Computer, Murmuring, Network, Security, VPN, WWW

Why 224 bits is faster than 160/192 bits in OpenSSL's ECDH

While running openssl speed ecdh I noticed something peculiar: Doing 160 bit ecdh's for 10s: 40865 160-bit ECDH ops in 9.99s Doing 192 bit ecdh's for 10s: 34169 192-bit ECDH ops in 9.99s Doing 224 bit ecdh's for 10s: 60980 224-bit ECDH ops in …

Posted in Computer, Murmuring, Network, Security, Software, WWW

CloudFlare's Keyless SSL service

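CloudFlare has published two announcements: "Announcing Keyless SSL™: All the Benefits of CloudFlare Without Having to Turn Over Your Private SSL Keys" and "Keyless SSL: The Nitty Gritty Technical Details". The first leans toward an announcement (and press release), while the second covers how it actually works. The two Keyless SSL flow diagrams are enough to show the difference, one RSA-based and one DH-based: the operations involving the private key are split out, and once the back end has finished computing them, the session key and …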

Posted in CDN, Cloud, Computer, Murmuring, Network, Security, WWW

AWS ELB strengthens security...

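AWS ELB has added features that strengthen SSL security: "Elastic Load Balancing – Perfect Forward Secrecy and Other Security Enhancements". The first is support for PFS (Perfect Forward Secrecy), which, as in most implementations, uses ECDH. The second is Server Order Preference, where the server side decides the final cipher. The most important is the third, the "all-in-one package": a new security policy, ELBSecurityPolicy-2014-01, has been released with both of the above already set. This upgrade is a security improvement...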

Posted in AWS, Cloud, Computer, Murmuring, Network, Security, WWW

1024-bit RSA and DH...

I came across "Majority of Tor crypto keys could be broken by NSA, researcher says", which explains that the NSA once ordered custom chips from IBM: "Everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys," Graham wrote in a blog post published Friday. "Assuming no …

Posted in Computer, Murmuring, Network, Security, Software

Perfect Forward Secrecy in SSL/TLS...

Writing this post is also a chance to test how MathJax renders... Because of the NSA's mischief, PFS (Perfect Forward Secrecy) has suddenly become a topic of discussion lately: "Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it" and "SSL: Intercepted today, decrypted tomorrow". Before talking about PFS, Diffie-Hellman key exchange (D-H) has to be covered first. D-H …

Posted in Computer, Murmuring, Network, Security