[Cryptography] freedom-to-tinker.com: How is NSA breaking so much crypto?

Louis Kowolowski louisk at cryptomonkeys.org
Fri Oct 16 21:04:02 EDT 2015


On Oct 16, 2015, at 5:47 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
> 
> Louis Kowolowski wrote this message on Fri, Oct 16, 2015 at 17:24 -0700:
>>> ...
>> It could be done on bootup, and the web server could have a dependency on it (sprinkle in other services as appropriate). It would (potentially) delay things slightly, but the benefits would far outweigh the loss of a few seconds.
> 
> I was replying to the comment that it should be done on every connection.
> 
> I did think about doing something like that before, but you have to
> realize that changing generated DH params can leak information.  If
> an OS vendor changes it per release, it's easy to figure out what
> release they are running..  If you change it per boot, then you'll
> figure out when they patch/upgrade...
> 
> Changing it on a regular basis, like every night/week/month would be
> best, though most applications don't know how to refresh the dh params
> while running which means you'll suffer an interruption when restarting
> the service...
> 
> IMO, just going to 2048 bit DH params makes the most sense.
> 
Sure, but now we’re getting to implementation questions because we already have an idea of a way we could make it better. It doesn’t have to be perfect; incremental steps are just fine.

If you want to discuss implementation ideas offline, I’d be happy to toss ideas around.

--
Louis Kowolowski                                louisk at cryptomonkeys.org
Cryptomonkeys:                                   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977
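As an added example (not code from this thread or from any project named in it): the sanity check a boot-time or nightly regeneration job could run on the file `openssl dhparam` just wrote before the web server is allowed to load it, enforcing the 2048-bit minimum discussed above and the safe-prime property. The PEM used in testing is a constructed toy group, and the function names are this example's own.

```python
import base64
import random

def _der_len(buf, i):
    n = buf[i]  # DER length: short form, or long form using the next (n & 0x7F) bytes
    if n & 0x80:
        return int.from_bytes(buf[i + 1:i + 1 + (n & 0x7F)], "big"), i + 1 + (n & 0x7F)
    return n, i + 1

def parse_dh_pem(pem):
    """(p, g) from an `openssl dhparam` PEM: PKCS#3 SEQUENCE { INTEGER p, INTEGER g, ... }."""
    der = base64.b64decode("".join(ln for ln in pem.splitlines() if "-----" not in ln))
    _, i = _der_len(der, 1)  # skip the outer SEQUENCE header
    ints = []
    while len(ints) < 2:
        if der[i] != 0x02:
            raise ValueError("expected a DER INTEGER")
        n, i = _der_len(der, i + 1)
        ints.append(int.from_bytes(der[i:i + n], "big", signed=True))
        i += n
    return ints[0], ints[1]

def is_probable_prime(n, rounds=40):
    """Miller-Rabin; 40 rounds bound a composite's pass probability by 2**-80."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.SystemRandom().randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_dh_group(p, g, min_bits=2048):
    """Problems found (empty = acceptable). With p a safe prime, any g in 2..p-2 has order q or 2q."""
    problems = [] if p.bit_length() >= min_bits else [f"p is {p.bit_length()} bits, need >= {min_bits}"]
    if not is_probable_prime(p):
        return problems + ["p is not prime"]
    if not is_probable_prime((p - 1) // 2):
        return problems + ["p is not a safe prime"]
    if not 1 < g < p - 1:
        problems.append("g must lie in 2..p-2")
    return problems
```

Pointed at a real `openssl dhparam 2048` output file, the two primality tests take at most a few seconds in pure Python, which is cheap compared with generating the parameters in the first place.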
