[Cryptography] People should turn on PFS in TLS
Chris Palmer
snackypants at gmail.com
Fri Sep 6 21:02:22 EDT 2013
On Fri, Sep 6, 2013 at 5:34 PM, The Doctor <drwho at virtadpt.net> wrote:
> Symmetric cipher RC4 (weak 10/49)
> Symmetric key length 128 bits (weak 8/19)
> Cert issued by Google, Inc, US SHA-1 with RSA @ 2048 bit (MODERATE 2/6)
First time I've heard of 128-bit symmetric called "weak"... Sure, RC4
isn't awesome but they seem to be saying that 128-bit keys per se are
weak.
> Let's contrast this with ChaosPad:
> Symmetric cipher Camellia (STRONG 39/39)
> Symmetric key length 256 bits (STRONG 19/19)
> Cert issued by CAcert, Inc. SHA-1 with RSA @ 4096 bit (MODERATE 2/6)
Without good server authentication, the other stuff doesn't matter.
With Chrome, you get key pinning when talking to some sites (including
Google sites, Tor, and Twtitter); I'd much rather have that and "only"
128-bit symmetric. Also, I don't know why you weren't getting forward
secrecy; check your Firefox configuration.
More information about the cryptography
mailing list