[Ach] Ciphers

Kurt Roeckx kurt at roeckx.be
Mon Dec 30 17:41:06 CET 2013 

On Mon, Dec 30, 2013 at 05:14:47PM +0100, L. Aaron Kaplan wrote:
> > 3DES should have 156 bit of security but is known to only have
> > 112 bit.  As I understand it, 112 bit also what is currently
> > recommended as the minimum size, matching the 2048 bit RSA key.
> > 3DES is slow, but there is no problems with it assuming
> > BEAST isn't a problem.  There are patches for XP that fix it.
> 
> Could you provide us with links to those patches?

http://technet.microsoft.com/en-us/security/Bulletin/MS12-006

It has the links for all their versions.

> It is a big problem yes, and I think you are hitting a weak spot.
> Again thanks a lot for pointing this out. I *do* believe we have lots and lots of Win XP users worldwide.
> Especially in developing countries (I dont like that word, but yes - countries where offices have copied old versions of Windows XP and they don't get security upgrades). We see lots of them at CERT.at

This is why I also specially mention BEAST.  The problem is that
if you care about those users you need to either go for the slow
3DES that might be vulnerable to BEAST, or go for RC4 which has
it's own problems.

> > It says the SHA-1 is broken.  But that's only for collision
> > attacks.  It's always used as part of an HMAC and we care about
> > the preimage resistance there and SHA-1 is fine there.
> Yes, see section 3.6 A note on SHA-1
> 
> >  MD5 isn't
> > even problematic in an HMAC, but there is no reason to keep using
> > it.  So SHA-1 is safe in the cipher string, but we want to avoid
> > it in the certificate.
> >  I think the certificate part is being done
> > by the browsers forcing the CAs to do that, but it of course
> > wouldn't hurt to check what the used for your certificate.
> > 
> Okay, so your input - if I understood you correctly - is to point out the difference in a clearer way?

Yes.

> Do you think we should describe the choice of cipher strings and cipher string ordering in more detail?

I'm not sure.  Maybe we need something about DHE vs ECDHE for
those people that care.


Kurt

More information about the Ach mailing list