[Cryptography] FREAK attack

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Mar 7 03:44:08 EST 2015

"Salz, Rich" <rsalz at akamai.com> writes:

>Make a timeline for the past 15 years.  Which one cipher, *for each year*
>should SSL/TLS have used?  Won’t it change at least once?  

Nope, not really.

>Move it forward to project the cipher in use for the next 3-5 years because
>that’s what TLS WG is working on right now.

EDH+RSA, 3DES, and HMAC-SHA1 (with EtM) would still work for the next 3-5
years, although they're getting pretty dated.  Since AES has been around for
15 years now I'd have switched to EDH+RSA, AES, and HMAC-SHA2 at some point,
but the original question was what suite would work for 15 years, and that's
the one with 3DES et al.

>Once you have the list of ciphers, loosely describe the protocol changes
>needed to deploy.

None if you use the original suggestion throughout, or at most a best-suite-
supported flag to allow upgrade to the AES/SHA2 version.

>If FREAK shows 512K RSA can be factored in under half a day, then perhaps 1K
>RSA, which some have picked for the base year, can probably be factored in a
>week or two.

Perhaps, probably, go ahead and do it then.  We'll wait here.

(OK, don't go ahead and do it because we won't hear from you for a very long
time, and your input would be missed, but you know what I mean).
