Heartbleed Bug

  • MiningMarsh
    24th Apr 2014 Member 0 Permalink

    @OC39648

     > SHA2 and SHA3 do not exist.

    https://en.wikipedia.org/wiki/SHA-2

    https://en.wikipedia.org/wiki/SHA-3

    Literally ten seconds of Google.

    SHA-512 is just a variant of SHA-2, as SHA-2 allows various sizes of the hash. You didn't seriously think SHA-1 was a 1 bit hash, did you?


    EDIT: Also SHA-2 is recommended by the NSA, not 1, as they designed 2 specifically to replace 1.

    Edited once by MiningMarsh. Last: 24th Apr 2014
  • xetalim
    24th Apr 2014 Member 0 Permalink

    >Also SHA-2 is recommended by the NSA

    Sure, we recommend SHA-2 because we can hack acquire information for anti-terrorism easier that way.

  • OC39648
    24th Apr 2014 Member 0 Permalink

    No. I didn't think SHA-1 was one bit.

    Also: This information is about 6 months old. Sorry.

    Also2: I say screw it all and we all get quantum computers.

  • h4zardz1
    26th Apr 2014 Member 0 Permalink
    where?
  • OC39648
    6th Jun 2014 Member 0 Permalink

    (Not A Necro yet.)

    Yet another OpenSSL vulnerability:

    http://www.openssl.org/news/secadv_20140605.txt

    Yay. As in crap.

  • jacob1
    6th Jun 2014 Developer 2 Permalink
    @OC39648
    Vulnerabilities in programs like this are discovered all the time. This specific one doesn't seem as bad as the Heartbleed bug because it requires a man-in-the-middle attack and you can only get the traffic between one exploitable client and server. Of course ... that's still bad though.

    I just updated openssl on my computer yesterday, so hopefully I have the fix :)
  • OC39648
    6th Jun 2014 Member 0 Permalink

    OpenSSL... Not so much SSL as much as Open. It's still terrible.

    Edited 2 times by OC39648. Last: 6th Jun 2014
  • jacob1
    6th Jun 2014 Developer 0 Permalink
    @OC39648
    Everything gets exploits sometimes; that doesn't make it terrible. You can find lists of exploits that were at one time in things like Windows, IE, Firefox, Chrome, the Linux kernel, Java, PHP, and so on. That doesn't mean every piece of software ever written is bad; at least the bugs get patched quickly.

    Without OpenSSL the internet would be far less secure ... SSL is used to secure lots of things (HTTPS pages); there are alternatives, but even those have bugs sometimes too.