[Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
L. Aaron Kaplan
kaplan at cert.at
Tue Jan 7 17:26:33 CET 2014
On Jan 5, 2014, at 4:27 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote:
>>
>>> 3DES isn't broken.
>> Triple DES provides about 112bit security (We've a section on the topic in the Paper in the Keylenghts section). All ciphers that we
>> recomend are at least at 128bit security.
>
> The document doesn't seem to say that it's trying to reach a 128
> bit security level over the whole chain. It seems to be happy
> with 2048 bit RSA keys. They also provide 112 bit security.
>
True, that's inconsistent.
I'll put it to the TODO list.
> If you really want to go for 128 bit, you need to have the RSA
> keys of at least something in the order of 3072 bit. If 2048
> is fine, 3DES is fine.
>
>
> Kurt
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
---
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140107/37d468d2/attachment.sig>
More information about the Ach
mailing list