You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
handshake security
About this tag
Handshake security on WindowsForum.com covers vulnerabilities in cryptographic handshake protocols, particularly those affecting peer-to-peer and decentralized networks. A key discussion involves CVE-2023-39533, a denial-of-service flaw in Go libp2p where oversized RSA keys during handshakes cause excessive CPU usage and service unavailability. The tag explores how such attacks exploit handshake verification processes, the impact on nodes running libp2p-based applications like IPFS and blockchain systems, and the importance of patching to mitigate CPU exhaustion. Topics include RSA key size limits, signature verification overhead, and securing handshake implementations against resource exhaustion attacks.
A high‑impact denial‑of‑service condition was disclosed in August 2023 that allows a malicious peer to cripple go‑libp2p nodes by presenting oversized RSA keys during cryptographic handshakes — forcing affected nodes to spend excessive CPU time verifying signatures and, in many cases, driving...