Open mkenne11 opened 8 years ago
BTW. When performing a mitm I wouldn't try and complete the attack - factoring the 512 bit key wouldn't be feasible on most hardware.
I would try returning an export grade cipher in the server hello request, and if the client accepts it terminate the tls connection process.
As a learning exercise I am considering writing a data handler to detect the FREAK vulnerability: http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
Do you think this is worth adding to ngtf?
My understanding is for the vulnerability to exist two issues need to be present:
I see ngtf already checks for issue 1 (export ciphers on the server) though.