[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] time to disable 3DES?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] time to disable 3DES?
From: ramo@xxxxxxxxxxxxxxx
Date: Tue, 8 Oct 2013 03:20:51 +0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 07 Oct 2013 19:41:42 -0400
In-reply-to: <CAD8GWsuxW=mKJ7_Y_b1dk9C7i94HOjmG6hsHJFfFZh7X79rHRQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAD8GWssFe1e9tUuxe7Q9p+d5KNPF+eOZxO2hWU9N3=v1AVujwg@xxxxxxxxxxxxxx> <CAD2Ti28_fzZLdhCVTmKFCMDEwvMaqbwRLFpJ2MYLe_nzqy_ktg@xxxxxxxxxxxxxx> <CAD8GWsuxW=mKJ7_Y_b1dk9C7i94HOjmG6hsHJFfFZh7X79rHRQ@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I know approximately zip about crypto, but AES was selected as the
> replacement for DES back in 2000 & it seems like DES has always lived
> under the cloud of "did NSA deliberately weaken it?"   So why keep it
> around?  It's not like there are no alternatives..

That was the initial worry, but hasn't it since been shown that NSA strengthened DES against a type of attack only they knew about? 

http://en.wikipedia.org/wiki/National_Security_Agency#Data_Encryption_Standard

Cheers

Ramo

On Mon, Oct 07, 2013 at 05:55:57PM -0400, Lee wrote:
> On 10/7/13, grarpamp <grarpamp@xxxxxxxxx> wrote:
> > On Mon, Oct 7, 2013 at 3:58 PM, Lee <ler762@xxxxxxxxx> wrote:
> >> Isn't it time to quit using DES?
> >>
> >> Finally gave TBB a try (version 2.3.25-13), seems to me that the
> >> firefox component needs a lot of hardening.
> >>
> >> https://www.mikestoolbox.org/
> >
> > This may be a function of the crypto library on your box (if dynamic),
> > rather than the supplied firefox itself (which it would be if static).
> > I don't have TBB handy.
> 
> Sure seems to be a function of firefox.   Enter about:config in the
> url bar, enter security.ssl in the search bar, double-click lines
> containing 'des' to change the pref to false, revisit
> https://www.mikestoolbox.org/
> 
> 
> > printf 'GET / HTTP/1.0\n\n' \
> >  | openssl_101e s_client -connect www.mikestoolbox.org:https -ign_eof
> >  DHE-RSA-AES256-SHA256
> >
> > 0.9.8x: DHE-RSA-AES256-SHA
> >
> > And that particular toolbox doesn't seem to support certain suites, ie:
> > ECDHE-RSA-AES256-GCM-SHA384: handshake failure
> 
> The point was showing the ciphers supported by the browser.  For this
> case, I don't care what ciphers the server supports.
> 
> >> Client Cipher Suites:
> >
> > 3DES is probably not least of note as all posted were SHA1 or lesser.
> 
> Which means?
> 
> I know approximately zip about crypto, but AES was selected as the
> replacement for DES back in 2000 & it seems like DES has always lived
> under the cloud of "did NSA deliberately weaken it?"   So why keep it
> around?  It's not like there are no alternatives..
> 
> Regards,
> Lee
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJSU0HTAAoJEAXQWoW8lug/cEoH/jlbAPvugbCvymwVJZdHfmMh
h6xNJ/z9yazn+A+1eYLX8C4k+J4mvpnNs2SAHQ6kUZ8vX9H1O/9OOrVFx/c4QwUr
17h1orqwiaSqW8KnhPOhYstkWsiGYq3IUNkhn0MGRWIUf/TqUJ2F9xEz0xbG+1iT
fHJGDgssGvW2PtKVVHJBooGZ4XwL6Y5I/aYasedXFWsh4cE7uWw8MwE6kCmyQQy0
SoymE5gEFa12J0bhyZC1iPWchmdSGag+w0mcY4H/12QH9pROsIiekoYjTEJv14q9
bF3FttYNayS/JKJerZRTFA625mz7GYihZF9vYoLjwGBW0flpM3SabRIIZVGxAyE=
=C6j/
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] time to disable 3DES?
  - From: Lee

References:
- [tor-talk] time to disable 3DES?
  - From: Lee
- Re: [tor-talk] time to disable 3DES?
  - From: grarpamp
- Re: [tor-talk] time to disable 3DES?
  - From: Lee

Prev by Author: Re: [tor-talk] What's the proper way to reset entry guards?
Next by Author: Re: [tor-talk] Tor Weekly News ? October 9th, 2013
Previous by thread: Re: [tor-talk] time to disable 3DES?
Next by thread: Re: [tor-talk] time to disable 3DES?
Index(es):
- Author
- Thread