[Ach] Shouldn't ECDHE be preferred over EDH and EECDH?

Martin J rc6encrypted at gmail.com
Tue Apr 22 02:40:32 CEST 2014


Hi,

In many places throughout the text, EDH and EECDH are used (e.g. Apache),
and in the OpenVPN section it is explicitly written that ECDHE has been
excluded. ECDHE offers forward secrecy, which prevents captured packages from
being decrypted later on, even when having the private key.

According to this talk by Nadia Heninger, djb and Tanja Lange given at 30C3 last
year, those not ending with 'E' have other problems and should be avoided.
Please see and the next 5 minutes.

http://youtu.be/HJB1mYEZPPA?t=20m50s

Why is ECDHE not preferred in the text?

Best regards,
Martin