[Cryptography] ratcheting DH strengths over time
Perry E. Metzger
perry at piermont.com
Mon Nov 16 13:19:26 EST 2015
On Mon, 16 Nov 2015 12:54:37 -0500 Jerry Leichter <leichter at lrw.com>
wrote:
> Our symmetric cryptography, on the other hand, is based on
> algorithms that we believe cannot be attacked using anything
> significantly better than a brute-force attack.

However, it is frequently the case that this proves false. See again
RC4, various hash functions, etc., and even various cryptographic
modes (like various block cipher modes) that prove less secure than
was previously believed.

Over the long term, one needs to be able to abandon one cipher suite
and move to another. Sadly, that has proven hard in practice.

Perry
--
Perry E. Metzger perry at piermont.com