[Ach] Ciphers

Rainer Hoerbe rainer at hoerbe.at
Tue Dec 31 15:55:38 CET 2013

On 31.12.2013 at 15:24, Kurt Roeckx <kurt at roeckx.be> wrote:

> On Tue, Dec 31, 2013 at 03:04:24PM +0100, René Pfeiffer wrote:
>> On Dec 31, 2013 at 1458 +0100, Aaron Zauner appeared and said:
>>> On 31 Dec 2013, at 14:24, Ralf Schlatterbeck <rsc at runtux.com> wrote:
>>>> Maybe we should keep the title of the document in mind: "Better Crypto"
>>>> -- there ain't no better crypto with Windows XP. Sad but true fact.
>>> I agree. We cannot make everyone 100% compatible or happy. I'm against
>>> RC4 in there. Even more now that cryptologists like DJB suggest that NSA
>>> had a "breakthrough" with RC4 a couple of years ago already. Attacks are
>>> well known in the literature since the mid-90s too.
>> Plus if there's a "breakthrough" with RC4, there's probably a "breakthrough"
>> with Windows XP security, too.
> So I've been looking for statistics, but I can't seem to find a
> place that really has the stats I want.  And depending on who you
> ask you also get widely different answers.  Windows XP users would
> be somewhere between 10% and 25%.  But the only problematic part
> would be those using internet explorer.  The best guess I can find
> for that is 10% of all users use internet explorer on windows XP.
> And I'm not sure I want to keep 10% of my users away.  But this will
> most likely totally depend on the area, some will see more, some
> see less.
> So the choice is between not having those users, RC4 and 3DES.  And
> I would go for 3DES in that case.

From tomorrow on, MS will have XP disappear from the security landscape ;-)

I would agree with 3DES - it is still hard to attack, and 112 bits are considered equivalent to RSA 2048. But not with RC4, because of the knowns and unknowns mentioned before.

A commonly recommended practice for such a case is to assess the risk per server or application, and assign a cipher suite according to the security level, e.g. low - medium - high. However, there are two drawbacks to including a low-end cipher suite in a "better crypto" recommendation: (a) most users do not know/understand risk zones and reuse passwords across services (one source quoting an average of 5 services per password), thus jeopardizing high-security zones; (b) quick readers will not check the details and will think that the low end is good enough, and some will never check the settings again for the lifetime of the server.

- Rainer
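An added example to go with the per-zone cipher policy and the "3DES yes, RC4 no" position above (this is not code from the message or from the Ach/bettercrypto project): a small Python model of OpenSSL cipher-list string semantics, used to check what a low/medium/high zone policy actually yields and to show why a "low" zone must lock RC4 out with `!RC4` rather than `-RC4`. The suite table `SUITES` is constructed for illustration, `expand()` is a simplified reimplementation of the documented prefix rules and not OpenSSL's own code, and the zone strings in `ZONE_POLICY` are assumed policies. Real deployments should confirm the resulting list with `openssl ciphers -v '<string>'`.

```python
# Added example, not from the original thread: a simplified model of OpenSSL
# cipher-list string semantics, used to check what a per-zone policy that keeps
# 3DES for IE-on-XP clients but bans RC4 actually yields. SUITES is a constructed
# table and expand() is a reimplementation of the documented rules, not OpenSSL's
# own code; check real lists with `openssl ciphers -v '<string>'`.
from typing import Dict, List, Set

# Constructed table: suite name -> keywords the cipher-string grammar matches
# it with. 3DES and RC4 sit in MEDIUM, AES in HIGH (as in OpenSSL >= 1.1.0).
SUITES: Dict[str, Set[str]] = {
    "ECDHE-RSA-AES256-GCM-SHA384": {"HIGH", "ECDHE", "aRSA", "AESGCM", "AES"},
    "ECDHE-RSA-AES128-GCM-SHA256": {"HIGH", "ECDHE", "aRSA", "AESGCM", "AES"},
    "DHE-RSA-AES256-SHA": {"HIGH", "DHE", "aRSA", "AES", "SHA1"},
    "AES128-SHA": {"HIGH", "kRSA", "aRSA", "AES", "SHA1"},
    "DES-CBC3-SHA": {"MEDIUM", "kRSA", "aRSA", "3DES", "SHA1"},
    "RC4-SHA": {"MEDIUM", "kRSA", "aRSA", "RC4", "SHA1"},
    "RC4-MD5": {"MEDIUM", "kRSA", "aRSA", "RC4", "MD5"},
    "ADH-AES128-SHA": {"HIGH", "kEDH", "aNULL", "AES", "SHA1"},
    "NULL-SHA": {"eNULL", "kRSA", "aRSA", "SHA1"},
}


def _match(term: str) -> List[str]:
    """Suites matching one term; 'A+B' means every keyword must match (AND)."""
    needed = term.split("+")
    return [name for name, kw in SUITES.items() if all(n in kw for n in needed)]


def expand(cipher_string: str) -> List[str]:
    """Evaluate a cipher string with the OpenSSL prefix rules (simplified):
       no prefix -> append matching suites not already present
       '-'       -> remove matches, but they can be re-added by a later term
       '!'       -> remove matches and lock them out for the rest of the string
       '+'       -> move matches already in the list to the end
    'ALL' is every suite except eNULL; other aliases are not modelled."""
    order: List[str] = []
    killed: Set[str] = set()
    for token in cipher_string.split(":"):
        if not token:
            continue
        prefix, term = (token[0], token[1:]) if token[0] in "!-+" else ("", token)
        if term == "ALL":
            matches = [n for n, kw in SUITES.items() if "eNULL" not in kw]
        else:
            matches = _match(term)
        if prefix == "!":
            killed.update(matches)
            order = [n for n in order if n not in killed]
        elif prefix == "-":
            order = [n for n in order if n not in matches]
        elif prefix == "+":
            moved = [n for n in order if n in matches]
            order = [n for n in order if n not in matches] + moved
        else:
            order += [n for n in matches if n not in order and n not in killed]
    return order


# Assumed per-zone policies (illustration only). The low zone appends 3DES as
# the last-resort suite for IE on Windows XP; RC4 is locked out in every zone.
ZONE_POLICY: Dict[str, str] = {
    "high": "ECDHE+AESGCM:DHE+AES:!aNULL:!eNULL:!RC4:!3DES",
    "medium": "ECDHE+AESGCM:DHE+AES:kRSA+AES:!aNULL:!eNULL:!RC4:!3DES",
    "low": "ECDHE+AESGCM:DHE+AES:kRSA+AES:3DES:!aNULL:!eNULL:!RC4",
}


def ciphers_for_zone(zone: str) -> List[str]:
    """Ordered suite list a server in the given risk zone would offer."""
    return expand(ZONE_POLICY[zone])


def rc4_suites(cipher_string: str) -> List[str]:
    """RC4 suites that survive evaluation; the check an admin should automate
    so that a later 'compat' edit does not silently re-enable RC4."""
    return [n for n in expand(cipher_string) if "RC4" in SUITES[n]]


if __name__ == "__main__":
    for zone in ZONE_POLICY:
        print(f"{zone:6s} -> {':'.join(ciphers_for_zone(zone))}")
    # '-RC4' is undone by a later bare 'RC4'; '!RC4' is not.
    print("ALL:-RC4:RC4 ->", rc4_suites("ALL:-RC4:RC4"))
    print("ALL:!RC4:RC4 ->", rc4_suites("ALL:!RC4:RC4"))
```

The `!` vs `-` difference is the practical point for drawback (b): a string written once as `...:!RC4` stays RC4-free even if someone later appends `:RC4` for an old client, whereas `-RC4` is just an ordering hint that a later term can reverse.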
