[Cryptography] open questions in secure protocol design?

Michael Kjörling michael at kjorling.se
Tue May 26 05:53:20 EDT 2015

On 25 May 2015 18:48 -0700, from bascule at gmail.com (Tony Arcieri):
> On Sat, May 23, 2015 at 9:19 AM, ianG <iang at iang.org> wrote:
>> 1.  One True Cipher Suite versus Algorithm Agility?
> One interesting anecdote from that RFC was WEP. It was the "one true
> ciphersuite" for 802.11 security. Unfortunately WEP was rather broken, so
> IEEE rushed the development and deployment of WPA, which was likewise
> broken in many ways. As a result of this whole debacle, for over half a
> decade most devices were incapable of making secure WiFi connections.

In all fairness, had it started out as an Algorithm Agility approach
but (still) with only a single cipher specified to begin with, given
that home networking equipment rarely gets firmware updates and is
often more or less abandoned by the vendor relatively soon after it
makes it onto the market, it is quite possible that the situation
would still have been the same: lots of devices capable of using only
a single, broken means of ensuring transmission confidentiality.

Algorithm agility doesn't really help much if you don't have a plan
for effectively implementing it in practice. Which pretty much means
you need to have a plan to both support the devices involved as well
as for how to push upgrades to users. Plus again the problem of ending
support for cipher suites that turn out to be less secure than

Having multiple cipher suites, on the other hand, just means an
attacker has to find a way to trick the device into using one of the
less secure cipher suites. Cue FREAK, POODLE, Logjam and friends.

Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
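
The downgrade risk the reply points at (an attacker tricking a device into one of the weaker suites it still supports) can be illustrated with a toy negotiation. This is an added example, not code from the thread or any real protocol; the suite names, the session key and the MITM model are constructed. It shows why agile negotiation needs the server's confirmation to cover the offer list it actually received, as the TLS Finished message does, so that a stripped offer is detected by the client.

```python
import hmac
import hashlib

# Constructed stand-in for a key produced by the key agreement; in a real
# protocol it is derived per session, never a fixed constant.
SESSION_KEY = b"constructed-key-from-key-agreement"


def negotiate(offer, supported):
    """Server picks the first suite, in the client's preference order, it supports."""
    for suite in offer:
        if suite in supported:
            return suite
    raise ValueError("no common suite")


def transcript_mac(key, offer_seen, chosen):
    """Confirmation tag over what the server actually received and selected."""
    msg = (",".join(offer_seen) + "|" + chosen).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def handshake(client_offer, server_supported, strip=(), bind=True):
    """Run one negotiation and return (chosen_suite, client_accepts).

    `strip` models a man-in-the-middle deleting suites from the offer in
    flight; `bind=False` models a protocol whose confirmation does not
    cover the negotiation transcript, so the client cannot notice the edit.
    """
    on_wire = [s for s in client_offer if s not in strip]
    chosen = negotiate(on_wire, server_supported)
    if not bind:
        return chosen, True  # client takes the server's choice at face value
    tag = transcript_mac(SESSION_KEY, on_wire, chosen)          # server side
    expected = transcript_mac(SESSION_KEY, client_offer, chosen)  # client side
    return chosen, hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    both = {"strong", "legacy"}
    print(handshake(["strong", "legacy"], both))                        # ('strong', True)
    print(handshake(["strong", "legacy"], both, strip=("strong",), bind=False))  # ('legacy', True)
    print(handshake(["strong", "legacy"], both, strip=("strong",)))     # ('legacy', False)
```

The transcript check only holds if the attacker cannot recover the weak suite's key before the handshake completes and forge the tag; FREAK and Logjam targeted exactly that gap with export-grade RSA and DH.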
