1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Socat vulnerability shows that crypto backdoors can be hard to spot

Discussion in 'Network World' started by RSS, Feb 3, 2016.

  1. RSS

    RSS New Member Member

    Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. The error is so serious that members of the security community believe it could be an intentional backdoor.

    Socat is a more complex and feature-rich reimplementation of netcat, a cross-platform networking service that can establish outbound and inbound connections on different ports and protocols. It is also a popular tool for network debugging.

    Socat can create encrypted connections using the Diffie-Hellman (DH) key exchange mechanism, which fundamentally relies on a prime number to derive the shared secrets for key exchanges. It turns out that the 1024-bit DH parameter used by Socat was not actually a prime number.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page