[Cryptography] FREAK attack
Ryan Carboni
ryacko at gmail.com
Fri Mar 6 18:44:30 EST 2015
On 3/5/15 at 5:10 AM, rsalz at akamai.com (Salz, Rich) wrote:
> Make a timeline for the past 15 years. Which ONE cipher suite should
> SSL/TLS have used?
>
> And then, once that timeline is defined, can you describe, loosely, the
> protocol changes needed to deploy. But more importantly, if "pick a
> cipher" isn't part of the initial connection, does it become "pick a
> version"? Or does the client connect 'n' times, with the associated TCP
> overhead?
Very simple.
DHE-RSA-1024, RC4-128. I would double RC4's key scheduling rounds though.
Double-DES would also work; a man-in-the-middle attack isn't feasible in
any sense.
Date: Thu, 5 Mar 2015 10:08:35 -0800
From: Bill Frantz <frantz at pwpconsult.com>
> However, your point is well taken. If we stretch our time
> horizon to 25 years, we need to have concerns about really
> massively parallel attacks, and the quantum systems are making
> continued, if slow, progress.
128-bit ciphers are secure against quantum cryptanalysis, as long as a
single quantum evaluation costs as much as or more than 2^16 classical
evaluations. That would make the cost of a quantum attack equal to a 2^80
attack, which is pretty cost prohibitive.