[Cryptography] People should turn on PFS in TLS

The Doctor drwho at virtadpt.net
Fri Sep 6 23:49:34 EDT 2013

Hash: SHA1

On 09/06/2013 09:02 PM, Chris Palmer wrote:

> First time I've heard of 128-bit symmetric called "weak"... Sure,
> RC4 isn't awesome but they seem to be saying that 128-bit keys per
> se are weak.

calomel.org may be erring on the side of "weak" due to known
vulnerabilities in RC4.

> Without good server authentication, the other stuff doesn't
> matter.

I am inclined to agree with you.

> With Chrome, you get key pinning when talking to some sites
> (including Google sites, Tor, and Twtitter); I'd much rather have
> that and "only" 128-bit symmetric. Also, I don't know why you
> weren't getting forward secrecy; check your Firefox configuration.

I did some poking around inside its configuration and it does not seem
to be negotiating upward in strength, but for whatever it can get (see
other post this evening).  I am uncertain as to why; some
investigation is in order, but slash/burn/upgrade may be safest.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Too bizarre for real life, too normal to wind up on Art Bell.

Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


More information about the cryptography mailing list