[Cryptography] Fwd: OPENSSL FREAK

Ray Dillinger bear at sonic.net
Fri Apr 3 15:24:01 EDT 2015



On 04/03/2015 12:09 PM, Florian Weimer wrote:
> * Ray Dillinger:
> 
>> It was a simple idea then, and is still simple.  A death note is
>> simply a proof that the encryption has been broken,
> 
> The trouble here is that most primitives are considered broken well
> before a death note can be constructed which could be recognized by a
> program written a decade ago.  For example, there is wide consensus
> not to use HMAC-MD5 or SHA-1, although no concrete proof of their
> unsuitability for practical applications has been published.

Those are not yet full-scale emergencies.  You have time to plan
and implement a more reasonable and measured response in those
cases, so use of something as drastic as the Death Note would
not be inappropriate in such cases.  To go back to my dam metaphor,
that's spotting weaknesses in the levee before it breaks, while
there's still time to make repairs and/or evacuate the area.

The Death Note is disaster management for full-scale emergencies
where time to plan and implement a more reasonable and measured
response has already, clearly, *provably* run out. You can't
deploy it without doing some damage, but the damage you'd do
by NOT deploying it is worse. Death Notes cannot and should
not appear until the cipher or whatever primitive has broken
so very badly that damage is unavoidable.

