
Re: [tor-talk] time to disable 3DES?



On 10/7/13, Yawning Angel <yawning@xxxxxxxxxxxxxxx> wrote:
> * Lee <ler762@xxxxxxxxx> [2013-10-07 15:58:19 -0400]:
>> Isn't it time to quit using DES?
>>
>> Finally gave TBB a try (version 2.3.25-13), seems to me that the
>> firefox component needs a lot of hardening.
>
> DES != 3DES, and supporting 3DES suites is standard across major browsers.

Right.  But is it still safe to use?

> Additionally, having support for something does not mean that it will be used

but if it's turned off/disabled then I'm sure it won't be used

> (unless the webserver on the remote end is horrifically misconfigured, any one
> of the other CipherSuites sent in the ClientHello will be negotiated over the
> 3DES suites).

Who checks to see if the web server on the remote end is horrifically
misconfigured?
Not me..

> Considering that there are far better ways of attacking a TBB user than
> attacking the bulk cryptography I'm really failing to see the issue here.

My question is if there's a good reason to keep 3DES, not is there
some better way of attacking TBB users.

So...  if you're visiting a web site that does only 3DES encryption,
is that good enough or do you say no thanks & go elsewhere?

Regards,
Lee
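
The negotiation argued about in this message, as an added example that is not part of the original post: it decodes a ClientHello cipher_suites vector and shows which suite each kind of server would select, with 3DES offered and with 3DES removed from the client's offer. The suite IDs are IANA code points; the client offer and the four server profiles are constructed for illustration.

```python
import struct

# IANA TLS cipher suite code points (small subset, enough for the example).
SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

def parse_cipher_suites(vector):
    """Decode a ClientHello cipher_suites vector: 2-byte length, then 2-byte IDs."""
    (length,) = struct.unpack_from("!H", vector)
    body = vector[2:]
    if length != len(body) or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return [suite for (suite,) in struct.iter_unpack("!H", body)]

def negotiate(offer, supported, server_preference=True):
    """Return the suite ID the server selects, or None (handshake_failure)."""
    common = set(offer) & set(supported)
    order = supported if server_preference else offer
    return next((s for s in order if s in common), None)

def audit(offer, servers):
    """Map server name -> (suite with 3DES offered, suite with 3DES removed)."""
    hardened = [s for s in offer if "3DES" not in SUITES.get(s, "")]
    report = {}
    for name, (supported, server_pref) in servers.items():
        before = negotiate(offer, supported, server_pref)
        after = negotiate(hardened, supported, server_pref)
        report[name] = (SUITES.get(before), SUITES.get(after))
    return report

# Constructed client offer: AES suites first, 3DES suites last.
CLIENT_HELLO_SUITES = bytes.fromhex("000ac02f0039002fc012000a")
# Constructed server profiles: (supported suites in server order, enforce server order?)
SERVERS = {
    "well_configured": ([0xC02F, 0x002F, 0x000A], True),
    "prefers_3des": ([0x000A, 0x002F], True),
    "3des_only": ([0x000A], True),
    "honors_client_order": ([0x000A, 0x002F], False),
}

if __name__ == "__main__":
    for name, outcome in audit(parse_cipher_suites(CLIENT_HELLO_SUITES), SERVERS).items():
        print(name, outcome)
```

Only the server that enforces its own order with 3DES first, and the server that supports nothing else, end up on 3DES; with 3DES removed from the offer the first falls back to AES and the second fails the handshake.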