[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Security today

To: Michael Howard <Michael.Howard@xxxxxxxxxxxxx>
Subject: Re: [TLS] Security today
From: Benjamin Black <nostromo@xxxxxxxxx>
Date: Thu, 27 Mar 2008 19:13:20 -0700
Cc: "tls@xxxxxxxx" <tls@xxxxxxxx>
Delivered-to: tls@xxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:cc:message-id:from:to:in-reply-to:content-type:content-transfer-encoding:mime-version:subject:date:references:x-mailer; bh=Nhf1elevJrWImGZBfsfTaLWOfc0GA0Gw8u00dO1YTSY=; b=Ru5l0Ay9ArF96UrA/eCPHE5YkH7Vb8eysUzdazZcPH3ibD3RYwnYUYT63okI+38qQFYRpjgV0leFYCwZCjXxenZwqfG8lZ+Lej/gsh4k9LfBZXqkMmdfaPbC8+UUTjQwgsMwx1zmEDJFjNvaYyMQOyoTHOp3prkYwcA/yW+kA3E=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=cc:message-id:from:to:in-reply-to:content-type:content-transfer-encoding:mime-version:subject:date:references:x-mailer; b=gXN1UoTumnl/UZ2y7q24EnfC/LR5sjMgm6KUoY44qfB6xHWuI/pbTZFiaDc08Kfr3N6IJRZFb+f/4LyiYaIoen2SXDLfQcL0V2Z0uhBvviqkXV+ykZ8nCEs1Q1TU4058nJ9WhgWSEKi2LhaR/KDb8k0ZSYSjKAGi8B5MFlVdQfo=
In-reply-to: <0685A6ED2CB5D245B49DD0B07C3636CC2A8D543BC7@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <47EC2A75.2050303@xxxxxxxxx> <0685A6ED2CB5D245B49DD0B07C3636CC2A8D543BC7@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: tls-bounces@xxxxxxxx

"People" do all manner of things with poor security.  The people who  
are, or should be, experts, however, should do better.  I believe  
Mike's point is that not only do they often not do better, they are  
actually doing better less then before (apologies for the horror of  
that syntax).


Ben

On Mar 27, 2008, at 4:59 PM, Michael Howard wrote:
> I think there is a deeper issue than this - people email sensitive  
> data all the time with no encryption...
>
> Cheers, Michael
> Writing Secure Code for Windows Vista: http://www.microsoft.com/MSPress/books/10723.aspx
> SDL Book: http://www.microsoft.com/MSPress/books/8753.asp
> Blog: http://blogs.msdn.com/michael_howard/
>
>
> -----Original Message-----
> From: tls-bounces@xxxxxxxx [mailto:tls-bounces@xxxxxxxx] On Behalf  
> Of Mike
> Sent: Thursday, March 27, 2008 6:15 PM
> To: tls@xxxxxxxx
> Subject: [TLS] Security today
>
> Is anyone else concerned about the level of security on the
> Internet today?  I mean everybody is using 1024-bit RSA keys
> which have an estimated 80 bits of security.  (Yet CA's are
> happy to claim that you get 128 or even 256 bits of security
> using them for SSL.)  RSA Labs even states that 1024-bit keys
> are good only until 2010, and they estimate 2048-bit keys
> will protect data until 2030.  Why use such small margins
> anyway?  Processors are already super fast and getting even
> faster.  Who cares if it takes an extra half second to buy a
> book if your financial data will be secure for several more
> decades?
>
> Not only will 1024-bit keys be broken "soon", but when that
> happens, it's not just a matter of replacing keys -- any data
> transmitted over a channel using plain RSA key exchange has
> no forward secrecy, and is thus exposed.  An added problem is
> that lots of websites will purposely ignore higher-security
> cipher suites (that do provide forward secrecy) early in the
> cipher list and choose RSA_WITH_RC4 preferentially, probably
> because it is slightly faster.  Even more fuel to the fire is
> the fact that many websites have disabled DHE_* cipher suites
> in the past few months (I thought my TLS test client was
> broken because sites that I used to connect to with DHE no
> longer negotiate it).
>
> What will it take to affect a change in this state of affairs
> that treats 1024-bit keys as secure?
>
> Mike
> _______________________________________________
> TLS mailing list
> TLS@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/tls
> _______________________________________________
> TLS mailing list
> TLS@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls

References:
- [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Michael Howard

Prev by Date: Re: [TLS] Security today
Next by Date: Re: [TLS] Security today
Previous by thread: Re: [TLS] Security today
Next by thread: Re: [TLS] Security today
Index(es):
- Date
- Thread