[Cryptography] FREAK attack

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Mar 5 23:13:15 EST 2015

Bill Frantz <frantz at pwpconsult.com> writes:
>On 3/5/15 at 5:10 AM, rsalz at akamai.com (Salz, Rich) wrote:
>>Make a timeline for the past 15 years.  Which ONE cipher suite should 
>>SSL/TLS have used?
>While they are getting kind of long in the tooth, RSA-2048, 3DES, 
>DHE-1024, & SHA1 would not have been bad choices. 

+1.  The only other requirement would be to go to EtM, which Hugo Krawczyk 
pointed out for SSL in "The Order of Encryption and Authentication" about 
fifteen years ago, so that falls within the "past 15 years" requirement.

Make that change and about 95% of all crypto-related attacks on SSL/TLS [0] 
would never have happened (NB: this is specifically crypto-related attacks, 
not protocol flaws like rehandshake issues which fall outside the scope of the 


[0] Anyone want to go through the complete catalogue and see whether anything
    would have succeeded?  The "95%" figure is freely pulled from thin air,
    but it could be closer to 100%.
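The EtM point above comes down to what the receiver processes before authenticity has been decided. The following is an added example, not code from this thread; it uses a toy HMAC-SHA1 counter keystream as a stand-in for the record cipher (an assumption, so it runs on the standard library alone) and compares encrypt-then-MAC with MAC-then-encrypt on a record with one flipped bit.

```python
import hashlib
import hmac

TAG_LEN = 20  # HMAC-SHA1 output length

def _keystream(key, nonce, length):
    # Stand-in counter-mode keystream (not 3DES/AES); the ordering argument is cipher-agnostic.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha1).digest()
              for i in range(0, length, TAG_LEN)]
    return b"".join(blocks)[:length]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()

def etm_seal(enc_key, mac_key, nonce, plaintext):
    ct = _xor(plaintext, enc_key, nonce)
    return ct + _mac(mac_key, nonce + ct)           # tag is computed over the ciphertext

def etm_open(enc_key, mac_key, nonce, record):
    """Returns (plaintext or None, bytes decrypted before the authenticity decision)."""
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, nonce + ct)):
        return None, 0                               # forged record never reaches the cipher
    return _xor(ct, enc_key, nonce), 0

def mte_seal(enc_key, mac_key, nonce, plaintext):
    return _xor(plaintext + _mac(mac_key, nonce + plaintext), enc_key, nonce)

def mte_open(enc_key, mac_key, nonce, record):
    """Same return shape; the whole record must be decrypted before the tag can be checked."""
    pt_tag = _xor(record, enc_key, nonce)
    pt, tag = pt_tag[:-TAG_LEN], pt_tag[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, nonce + pt)):
        return None, len(record)                     # cipher already ran on unauthenticated bytes
    return pt, len(record)

def tamper_demo():
    """Flip one ciphertext bit and report what each ordering did before rejecting the record."""
    enc_key, mac_key, nonce = b"k" * 16, b"m" * 16, b"\x00" * 8   # constructed keys and nonce
    msg = b"GET / HTTP/1.1"                                         # constructed record body
    results = {}
    for name, seal, open_ in (("EtM", etm_seal, etm_open), ("MtE", mte_seal, mte_open)):
        rec = bytearray(seal(enc_key, mac_key, nonce, msg))
        rec[0] ^= 0x01                                              # single-bit corruption
        results[name] = open_(enc_key, mac_key, nonce, bytes(rec))
    return results   # {'EtM': (None, 0), 'MtE': (None, 34)}
```

Both orderings reject the corrupted record, but only EtM does so without ever running the cipher over attacker-controlled bytes, which is what removes the padding and timing side channels the MtE construction in SSL/TLS exposed.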
