banner



Home  ›  Firefox blocks websites with vulnerable encryption keys - endothervitur

Firefox blocks websites with vulnerable encryption keys - endothervitur

Written By Tuesday, January 4, 2022 Add Comment Edit

Firefox, Mozilla

Mozilla

To protect users from cryptographic attacks that lavatory compromise secure web connections, the popular Firefox browser wish block access to HTTPS servers that use limp Diffie-Hellman keys.

Diffie-Hellman is a key exchange communications protocol that is slowly replacing the widely used RSA key agreement for the TLS  (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can comprise used with TLS's ephemeral modes, which put up forward secrecy — a property that prevents the decryption of antecedently captured traffic if the key is barmy at a later time.

However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encryption connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman Key exchange obligatory on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the distinguish size to 512 bits. In May 2015 around 7 percent of websites on the net were vulnerable to the attack, which was dubbed LogJam.

"In response to recent developments attacking Diffie-Hellman key fruit exchange and to protect the privacy of Firefox users, we have accumulated the minimum key size for TLS handshakes using Diffie-Hellman paint exchange to 1023 bits," David Keeler, a Mozilla security engineer, aforesaid in a blog post Friday.

A bitty number of servers are still not configured to use strong enough keys and Firefox users trying to access them will receive an error called "ssl_error_weak_server_ephemeral_dh_key," Keeler said.

Accordant to a recent survey of the top 140,000 HTTPS websites on the cyberspace by traffic, or so 5 percent of them used keys smaller than 1024 bits. The currently recommended sized is 2048 bits and over 67 pct of these sites conform to that.

Bill: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link insurance policy for more inside information.

  • Security
  • Encoding
  • Privacy
  • Firefox

Source: https://www.pcworld.com/article/410535/firefox-blocks-websites-with-vulnerable-encryption-keys.html

Posted by: endothervitur.blogspot.com

0 Response to "Firefox blocks websites with vulnerable encryption keys - endothervitur"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel