zlacker

1. spacef+(OP) 2014-12-28 23:40:17
Can't you see the pattern? Take all, break the crypto later. PFS might be next, who knows.

Yes, for now OTR and PGP are fine. There must be a big speculation on future breakthroughs regarding breaking crypto - otherwise they wouldn't build Bluffdale.

Edit: Instead of downvoting, how about taking a position?

replies(2): >>acqq+a >>tptace+F3
2. acqq+a 2014-12-28 23:44:30
>>spacef+(OP)
It's not that PFS is known to be broken; it's that it's actually still very rarely used (1).

The present is problematic enough; we don't even need to hypothesize about future breakages.

1) http://en.wikipedia.org/wiki/Forward_secrecy

"As of December 2014, 20.0% of TLS-enabled websites are configured to use cipher suites that provide forward secrecy to web browsers."

IPsec is also often configured with PFS disabled, even though the RFC is from 1998 ( http://tools.ietf.org/html/rfc2412 )

3. tptace+F3 2014-12-29 01:15:13
>>spacef+(OP)
"PFS might be next, who knows"? What does that even mean? OTR and TLS PFS are closely related.
replies(1): >>acqq+7j
4. acqq+7j 2014-12-29 09:39:32
>>tptace+F3
Even when the PFS is configured, the defaults can be faulty:

https://www.imperialviolet.org/2013/06/27/botchingpfs.html

"I'm not aware of any open source servers that support anything like that."

The article is from June 2013, has anything changed since?

replies(1): >>tptace+qN
5. tptace+qN 2014-12-29 18:16:37
>>acqq+7j
Most sites that enable PFS do so with solid ECDH. It's hard to find PFS configuration guidelines that will give you breakable conventional DH groups.

The latter half of AGL's post is about systems security, not (really) the cryptographic security of TLS. It's about things you can do that would make NSA owning up your servers a greater or lesser threat to previously encrypted TLS sessions.
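The thread turns on two configuration questions: whether a server's cipher list actually offers forward-secret key exchange (ECDHE/DHE rather than RSA key transport or static (EC)DH), and whether DHE suites are backed by a DH group large enough not to be "breakable conventional DH". The script below is an added example written for this page, not code from any of the commenters or from AGL's post. It audits an OpenSSL-style cipher string offline by classifying each explicit suite name by its key-exchange prefix; aliases such as `HIGH` or `EECDH+AESGCM` are reported as unresolved rather than guessed at (expand them first with `openssl ciphers -v '<string>'`). The sample cipher string, the 1024-bit DH size and the 2048-bit minimum are constructed inputs and assumptions, not values from the thread.

```python
"""Offline audit of an OpenSSL-style TLS cipher list for forward secrecy.

Added example for this thread; not code from any commenter.  The cipher
string and DH size below are constructed sample inputs.  Only explicit
suite names are classified; aliases (HIGH, EECDH+AESGCM, ...) are left
as "unresolved" and must be expanded with `openssl ciphers -v` first.
"""

# Prefixes of OpenSSL suite names, grouped by key-exchange type.
ANONYMOUS = ("ADH-", "AECDH-")                  # ephemeral but unauthenticated
EPHEMERAL = ("ECDHE-", "DHE-", "EDH-")          # ephemeral (EC)DH: forward secrecy
STATIC = ("ECDH-", "DH-", "PSK-", "RSA-PSK-")   # long-term keys only: no forward secrecy
MIN_DH_BITS = 2048  # assumed minimum size for a conventional (finite-field) DH group


def key_exchange(suite):
    """Classify one explicit suite name: 'tls13', 'anonymous', 'ephemeral' or 'static'."""
    if suite.startswith("TLS_"):
        return "tls13"  # TLS 1.3 suite names carry no kx; the protocol always uses (EC)DHE
    for prefixes, kind in ((ANONYMOUS, "anonymous"), (EPHEMERAL, "ephemeral"), (STATIC, "static")):
        if suite.startswith(prefixes):
            return kind
    # Bare names (AES128-SHA, DES-CBC3-SHA, AES256-GCM-SHA384, ...) use RSA key transport:
    # the session keys are recoverable by anyone who later obtains the server's RSA key.
    return "static"


def is_explicit_suite(token):
    """True for a concrete suite name, False for OpenSSL aliases and modifiers."""
    if token.startswith(("!", "-", "+", "@")) or "+" in token:
        return False
    # Every concrete OpenSSL suite name contains a '-'; bare aliases (HIGH, aNULL) do not.
    return token.startswith("TLS_") or "-" in token


def audit(cipher_string, dh_param_bits=None):
    """Return a report dict for a colon-separated cipher list.

    dh_param_bits is the size of the configured DH group (e.g. from ssl_dhparam),
    or None if unknown.
    """
    report = {"forward_secrecy": [], "no_forward_secrecy": [], "anonymous": [],
              "unresolved": [], "findings": []}
    for token in filter(None, cipher_string.split(":")):
        if not is_explicit_suite(token):
            report["unresolved"].append(token)
            continue
        kind = key_exchange(token)
        if kind in ("ephemeral", "tls13"):
            report["forward_secrecy"].append(token)
        elif kind == "anonymous":
            report["anonymous"].append(token)
        else:
            report["no_forward_secrecy"].append(token)

    if report["no_forward_secrecy"]:
        report["findings"].append("suites without forward secrecy offered: "
                                  + ", ".join(report["no_forward_secrecy"]))
    if report["anonymous"]:
        report["findings"].append("unauthenticated (anonymous) suites offered: "
                                  + ", ".join(report["anonymous"]))
    uses_dhe = any(s.startswith(("DHE-", "EDH-")) for s in report["forward_secrecy"])
    if uses_dhe and dh_param_bits is None:
        report["findings"].append("DHE suites offered but DH group size unknown; check ssl_dhparam")
    elif uses_dhe and dh_param_bits < MIN_DH_BITS:
        report["findings"].append(f"DHE suites offered with a {dh_param_bits}-bit DH group "
                                  f"(below the assumed {MIN_DH_BITS}-bit minimum)")
    return report


# Constructed sample: a mixed cipher list of the kind found in older server configs,
# paired with a 1024-bit DH group.
SAMPLE_CIPHERS = ("ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES128-SHA:"
                  "ECDH-RSA-AES128-SHA:TLS_AES_256_GCM_SHA384:!aNULL:!MD5")
SAMPLE_DH_BITS = 1024

if __name__ == "__main__":
    result = audit(SAMPLE_CIPHERS, SAMPLE_DH_BITS)
    for category, suites in result.items():
        if category != "findings":
            print(f"{category:>20}: {suites}")
    for finding in result["findings"]:
        print("FINDING:", finding)
```

On the constructed sample the audit flags two problems: the plain-RSA and static-ECDH suites, which give no forward secrecy regardless of the rest of the list, and the 1024-bit DH group behind the DHE suite. A list consisting only of ECDHE and TLS 1.3 suites produces no findings, which matches the observation in the post above that ECDH-based deployments rarely end up with breakable groups.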
