[Cryptography] FREAK attack
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Mar 7 03:44:08 EST 2015
"Salz, Rich" <rsalz at akamai.com> writes:
>Make a timeline for the past 15 years. Which one cipher, *for each year*
>should SSL/TLS have used? Won't it change at least once?
Nope, not really.
>Move it forward to project the cipher in use for the next 3-5 years because
>that's what TLS WG is working on right now.
EDH+RSA, 3DES, and HMAC-SHA1 (with EtM) would still work for the next 3-5
years, although they're getting pretty dated. Since AES has been around for
15 years now I'd have switched to EDH+RSA, AES, and HMAC-SHA2 at some point,
but the original question was what suite would work for 15 years, and that's
the one with 3DES et al.
>Once you have the list of ciphers, loosely describe the protocol changes
>needed to deploy.
None if you use the original suggestion throughout, or at most a best-suite-
supported flag to allow upgrade to the AES/SHA2 version.
>If FREAK shows 512K RSA can be factored in under half a day, then perhaps 1K
>RSA, which some have picked for the base year, can probably be factored in a
>week or two.
Perhaps, probably, go ahead and do it then. We'll wait here.
(OK, don't go ahead and do it because we won't hear from you for a very long
time, and your input would be missed, but you know what I mean).
Peter.
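The two fixed suites argued for above (EDH+RSA with 3DES and HMAC-SHA1, and its AES/SHA-2 successor) and the export-grade RSA that FREAK exploits can be turned into a concrete triage rule. The following is an added example, not code from the post or from any TLS library: it parses pre-TLS-1.3 IANA cipher-suite names, flags the export suites and other pre-policy material, and sorts the rest into the post's baseline and upgrade tiers. The sample suite list is constructed, and the function names and tier labels are my own.

```python
"""Cipher-suite triage against the fixed-suite policy argued for in the post.

Added example, not code from the post or from any TLS library. Suite names
follow the pre-TLS-1.3 IANA naming scheme; the sample list is constructed.
"""
import re
from typing import Dict, List, Optional

# IANA naming scheme for pre-1.3 suites: TLS_<kx>[_EXPORT]_WITH_<cipher>_<mac>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Za-z0-9_]+?)(?P<export>_EXPORT)?_WITH_"
    r"(?P<cipher>.+)_(?P<mac>MD5|SHA|SHA256|SHA384)$"
)

# Constructed sample: what a 2015-era server might still advertise.
SAMPLE_SERVER_SUITES = [
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",        # FREAK class
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",     # FREAK class
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",     # the post's 15-year suite
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",   # the post's AES/SHA-2 upgrade
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
]


def parse_suite(name: str) -> Optional[Dict[str, object]]:
    """Split an IANA suite name into key exchange, export flag, cipher, MAC."""
    m = SUITE_RE.match(name)
    if m is None:
        return None
    return {"kx": m["kx"], "export": m["export"] is not None,
            "cipher": m["cipher"], "mac": m["mac"]}


def suite_issues(name: str) -> List[str]:
    """Reasons a suite falls outside the post's policy (empty list = clean)."""
    p = parse_suite(name)
    if p is None:
        return ["unrecognised suite name"]
    issues = []
    if p["export"]:
        # Export suites cap the server's RSA key at 512 bits: the FREAK target.
        issues.append("export-grade key exchange (512-bit RSA, factorable)")
    if not (p["kx"].startswith("DHE_") or p["kx"].startswith("ECDHE_")):
        issues.append("no forward secrecy (static key exchange)")
    if p["cipher"].startswith("RC4"):
        issues.append("RC4 stream cipher")
    if p["cipher"].startswith("DES"):          # DES40_CBC, DES_CBC; not 3DES
        issues.append("single DES")
    if p["mac"] == "MD5":
        issues.append("MD5 MAC")
    return issues


def suite_tier(name: str) -> str:
    """'reject', 'baseline' (post's 15-year suite), 'upgrade' (AES/SHA-2), or 'other'."""
    if suite_issues(name):
        return "reject"
    p = parse_suite(name)
    if p["cipher"] == "3DES_EDE_CBC" and p["mac"] == "SHA":
        return "baseline"
    if p["cipher"].startswith("AES_") and p["mac"] in ("SHA256", "SHA384"):
        return "upgrade"
    return "other"


def rsa_modulus_verdict(bits: int) -> str:
    """Judge the server's RSA modulus size against the post's FREAK point."""
    if bits <= 512:
        return "export-grade: factorable in under half a day (FREAK)"
    if bits < 2048:
        return "below the 2048-bit floor of NIST SP 800-131A"
    return "ok"


def policy_report(suites: List[str]) -> Dict[str, List[str]]:
    """Group an advertised suite list by tier."""
    report: Dict[str, List[str]] = {"reject": [], "baseline": [], "upgrade": [], "other": []}
    for s in suites:
        report[suite_tier(s)].append(s)
    return report


if __name__ == "__main__":
    for s in SAMPLE_SERVER_SUITES:
        print(f"{s:42} {suite_tier(s):9} {'; '.join(suite_issues(s))}")
    print(rsa_modulus_verdict(512))
```

The tier check is deliberately strict about key exchange: any suite without ephemeral DH is rejected outright, because a static-RSA suite is exactly what the export downgrade lands on, and the 3DES/SHA1 baseline is accepted only with EDH+RSA in front of it, as in the post.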