[Cryptography] People should turn on PFS in TLS
The Doctor
drwho at virtadpt.net
Fri Sep 6 23:49:34 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/06/2013 09:02 PM, Chris Palmer wrote:
> First time I've heard of 128-bit symmetric called "weak"... Sure,
> RC4 isn't awesome but they seem to be saying that 128-bit keys per
> se are weak.
calomel.org may be erring on the side of "weak" due to known
vulnerabilities in RC4.
> Without good server authentication, the other stuff doesn't
> matter.
I am inclined to agree with you.
> With Chrome, you get key pinning when talking to some sites
> (including Google sites, Tor, and Twtitter); I'd much rather have
> that and "only" 128-bit symmetric. Also, I don't know why you
> weren't getting forward secrecy; check your Firefox configuration.
I did some poking around inside its configuration and it does not seem
to be negotiating upward in strength, but for whatever it can get (see
other post this evening). I am uncertain as to why; some
investigation is in order, but slash/burn/upgrade may be safest.
- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
Too bizarre for real life, too normal to wind up on Art Bell.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlIqok4ACgkQO9j/K4B7F8HX2ACZAStTl0wR/JJqI7n182jLX6mD
5i0AnAopo0YASsPGYVVntF9KKUwwrpRN
=9Acb
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list