20160302-2 选题

sources/tech/20160301 More than 11 Million HTTPS Websites Imperiled by New Decryption Attack.md

@@ -0,0 +1,26 @@
+More than 11 Million HTTPS Websites Imperiled by New Decryption Attack
+===========================================================================
+
+![](https://www.linux.com/images/stories/66866/drown-explainer.jpg)
+
+Low-cost DROWN attack decrypts data in hours, works against TLS e-mail servers, too. 
+
+More than 11 million websites and e-mail services protected by the [transport layer security protocol[[1] are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 81,000 of the top 1 million most popular Web properties are among the vulnerable HTTPS-protected sites.
+
+The attack works against TLS-protected communications that rely on the [RSA cryptosystem][2] when the key is exposed even indirectly through SSLv2, a TLS precursor that was retired almost two decades ago because of crippling weaknesses. The vulnerability allows an attacker to decrypt an intercepted TLS connection by repeatedly using SSLv2 to make connections to a server.
+
+
+--------------------------------------------------------------------------------
+
+via: https://www.linux.com/news/software/applications/889455--more-than-11-million-https-websites-imperiled-by-new-decryption-attack
+
+作者：[ArsTechnica][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://www.linux.com/community/forums/person/112
+[1]: https://en.wikipedia.org/wiki/Transport_Layer_Security
+[2]: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
+