[Cryptography] FREAK attack

Ryan Carboni ryacko at gmail.com
Fri Mar 6 18:44:30 EST 2015

On 3/5/15 at 5:10 AM, rsalz at akamai.com (Salz, Rich) wrote:

> Make a timeline for the past 15 years.  Which ONE cipher suite should
> SSL/TLS have used?
> And then, once that timeline is defined, can you describe, loosely, the
> protocol changes needed to deploy.  But more importantly, if "pick a
> cipher" isn't part of the initial connection, does it become "pick a
> version"?  Or does the client connect 'n' times, with the associated TCP
> overhead?

Very simple.
DHE-RSA-1024, RC4-128. I would double RC4's key scheduling rounds though.

Double-DES would also work, a man-in-the-middle attack isn't feasible in
any sense.

Date: Thu,  5 Mar 2015 10:08:35 -0800
From: Bill Frantz <frantz at pwpconsult.com>

> However, your point is well taken. If we stretch our time
> horizon to 25 years, we need to have concerns about really
> massively parallel attacks, and the quantum systems are making
> continued, if slow, progress.

 128-bit ciphers are secure against quantum cryptography, as long as a
single quantum evaluation is equal or greater than 2^16 classical
evaluations. That would make the cost of a quantum attack equal to a 2^80
attack, which is pretty cost prohibitive.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150306/c03d5b08/attachment.html>

More information about the cryptography mailing list