[Cryptography] TLS 1.0, Diffie-Hellman, RSA, AES128 CBC, SHA seriously qualified as «broken»?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Aug 30 03:09:27 EDT 2020


Thierry Moreau <thierry.moreau at connotech.com> writes:

>Am I too old to craft an apache/openssl secure configuration?

It's not you, it's me... I mean, it's the SSL assessment tool.  There are a
pile of these around, and in general they're about 50% checking for known,
real security problems and 50% checking that you're making the fashion
statement that the creator of the tool believes everyone should be making this
year.  For example recently I ran into a large B2B site that most of the time
would immediately drop the connection on seeing a client hello, and at other
times would drop it after going through the crypto handshake.  Extensive
fingerprinting turned up the fact that the site's idea of "secure", apart from
running ~12-year-old server software, means a large list of RSA-only suites
(but they're secure because we use 2048-bit RSA), a much smaller list of ECDSA
suites, and nothing else.  So you've got the choice between the least secure
keyex mechanism provided by the protocol (pure RSA) and the endlessly
vulnerability-plagued ECC suites (the latest papers on private-key-leaking
vulns are only a few weeks old), but no DHE at all.  Someone's security best
practices doc apparently told them to do this.

>Your connection to this website uses weak encryption and is not private.
>Other people can view your information or modify the website's behavior.
>Information sent over the Internet without encryption can be seen by other
>people while it is in transit.

"This site is not virtue-signalling in a manner that we approve of.  We will
therefore decry AES-128 and HMAC-SHA1, both unbroken, as insecure until they
perform the appropriate level of virtue signalling".

To quote Linus on the difference between kernel scheduler design and security:

>   So the
>   difference between them is simple: one is 'hard science'. The other one is
>   'people wanking around with their opinions'."

(and yes, that includes this post).

Peter.
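
The key-exchange point in the post (a long list of static-RSA suites, a few ECDHE_ECDSA suites, no DHE) can be checked mechanically from a server's offered suite list. The following is an added example, not code from the post or from any assessment tool; it parses IANA-style suite names, and the suite list is a constructed stand-in for the site Peter describes.

```python
import re
from collections import Counter

# IANA-style TLS 1.2 names: TLS_<KEYEX>[_<AUTH>]_WITH_<CIPHER>_<MAC>
SUITE_RE = re.compile(r"^TLS_([A-Za-z0-9_]+?)_WITH_")
FORWARD_SECRET = {"DHE", "ECDHE", "TLS13"}   # ephemeral key exchange

def key_exchange(suite):
    """Return (kx, auth, forward_secret) for one suite name."""
    m = SUITE_RE.match(suite)
    if m is None:
        if suite.startswith("TLS_") and "_WITH_" not in suite:
            # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) carry no keyex
            # field: key exchange there is always ephemeral (EC)DHE.
            return ("TLS13", "cert", True)
        raise ValueError(f"unrecognised suite name: {suite}")
    parts = m.group(1).split("_")
    kx = parts[0]                                # RSA, DHE, ECDHE, DH, ...
    auth = parts[1] if len(parts) > 1 else kx    # TLS_RSA_WITH_*: RSA does both
    return (kx, auth, kx in FORWARD_SECRET)

def assess(suites):
    """Summarise what an offered suite list actually lets a client pick."""
    counts = Counter(key_exchange(s)[0] for s in suites)
    fs = sum(1 for s in suites if key_exchange(s)[2])
    findings = []
    if counts["RSA"]:
        findings.append("static-rsa-keyex")   # those sessions have no forward secrecy
    if fs == 0:
        findings.append("no-forward-secrecy")
    elif counts["DHE"] == 0:
        findings.append("no-dhe-fallback")    # forward secrecy only via ECC suites
    return {"counts": dict(counts), "forward_secret": fs,
            "total": len(suites), "findings": findings}

# Constructed list mirroring the site in the post: many static-RSA suites,
# a couple of ECDHE_ECDSA suites, and no DHE at all.
SITE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    r = assess(SITE_SUITES)
    print(f"{r['forward_secret']}/{r['total']} suites forward secret; keyex: {r['counts']}")
    print("findings:", ", ".join(r["findings"]) or "none")
```

Run against a real server's advertised list, the "findings" separate a substantive gap (no forward secrecy, or forward secrecy hanging entirely on ECC suites) from the fashion checks the post complains about.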
