[Cryptography] FREAK attack

Salz, Rich rsalz at akamai.com
Fri Mar 6 21:05:02 EST 2015

Based on the replies I am seeing, I realize that my question was not clear.  Let me try again.

Make a timeline for the past 15 years.  Which one cipher, *for each year* should SSL/TLS have used?  Won’t it change at least once?  Move it forward to project the cipher in use for the next 3-5 years because that’s what TLS WG is working on right now.

Once you have the list of ciphers, loosely describe the protocol changes needed to deploy.  If “pick a cipher” isn’t part of the initial handshake, does it become “pick a version”?  Or does the clinet connect ‘n’ times, with the associated TCP overhead?

If FREAK shows 512K RSA can be factored in under half a day, then perhaps 1K RSA, which some have picked for the base year, can probably be factored in a week or two.  So clearly, there has to be at least one change in your timelines.

Senior Architect, Akamai Technologies
IM: rsalz at jabber.me<mailto:rsalz at jabber.me> Twitter: RichSalz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150307/2c3a6985/attachment.html>

More information about the cryptography mailing list