Posts Tagged ‘SSL’

It seems that every 18 months or so we are treated to another scary story about how SSL is broken and all your encrypted secrets are at risk. Of course, there’s always at least a kernel of truth to the report or wouldn’t get much traction and the latest case is no different.

For those of you that aren’t crypto geeks (which, I hope for the sake of humankind is most of you), Ron, in this blog post heading and in the research paper than uncovered the vulnerability, is Ron Rivest (the “R” in the “RSA” cryptographic algorithm that is widely used across the Internet) and Whit is Whitfield Diffie of Diffie-Hellman key exchange protocol fame. Both Ron and Whit are giants in the crypto arena due to their many contributions.

You can read more about the vulnerability, it’s likelihood of impact and some countermeasures you can take in the following article from Dark Reading:

http://www.darkreading.com/taxonomy/index/printarticle/id/232602467

The net of it is that this is a bona fide risk but it isn’t likely to affect most web sites. So, the sky is not falling but I would recommend taking an umbrella…