[Ach] Improving Applied Crypto Hardening Draft

L. Aaron Kaplan kaplan at cert.at
Fri Jan 10 09:58:03 CET 2014



Hi,

thanks for your feedback.

On Jan 10, 2014, at 9:42 AM, Manuel Kraus <ach at lsd.is> wrote:

> Hey there,
> 
> I'm not sure if this is the right way to put suggestions.
> Forgive me if I'm wrong!
> 
> My suggestion:
> 
> 
> 
> a) Page 55
> 
> Key Exchange Table
> 
> - What is EECDH? Maybe you mean ECDHE instead?
> 
> - You should add DHE as well, since this is the important non-EC key exchange on AES ciphers, like EDH is for the 3DES ciphers.
> 

okay, will look into this. Seems like it's a bug.

> 
> 
> b) I don't know how close you are to the guys at cert.at, but there are improvements possible too:
> 
> The website "http://lists.cert.at/cgi-bin/mailman/options/ach" isn't SSL by default!
> 
> I missed that detail and put my Ach-list password in cleartext... uhhh..
> 
> 

Yes. Please note that at the beginning of the project we simply used the existing Mailman infrastructure of my workplace. One way forward is to improve the setup there; the other is to move to a different mailing list server (and improve the setup at cert.at).

Note that Bettercrypto.org is not a CERT.at project, although I work there.
Hope this clarified it :)  And yes, I agree with you.

> 
> c) The list password is stored there in cleartext, I assume.
> 
> 
mailman

Yes, that setup needs to be improved. Thanks for the heads up.

a.


--- 
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
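On the naming question in point (a): in OpenSSL's cipher-string syntax, "EECDH" and "ECDHE" are two spellings of the same alias (authenticated ephemeral ECDH key exchange), and "EDH" and "DHE" are likewise two spellings of one alias (authenticated ephemeral finite-field DH), regardless of which bulk cipher they are combined with. The following script is an added example, not code from the Applied Crypto Hardening draft or from this thread; it uses Python's ssl module (which wraps the system OpenSSL) to show that both spellings select exactly the same cipher suites. The "+AESGCM" restriction is an arbitrary choice to keep the lists short, and a reasonably current OpenSSL (1.0.2 or later) is assumed.

```python
"""Show that OpenSSL's EECDH/ECDHE and EDH/DHE cipher-string aliases are
the same selections.

Added example; assumes Python 3.6+ linked against OpenSSL 1.0.2 or newer,
where all four alias spellings exist.
"""
import re
import ssl


def _selected_suites(spec):
    """Apply a cipher string and return the TLS 1.2-and-below suites it selects.

    get_ciphers() always appends the fixed TLS 1.3 suites, which a cipher
    string does not govern, so they are dropped to compare only the selection.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def cipher_names(spec):
    """Set of suite names OpenSSL selects for the given cipher string."""
    return {c["name"] for c in _selected_suites(spec)}


def key_exchanges(spec):
    """Set of key-exchange methods (the Kx= field of SSL_CIPHER_description)
    used by the suites a cipher string selects, e.g. {'ECDH'} or {'DH'}."""
    kx = set()
    for c in _selected_suites(spec):
        m = re.search(r"\bKx=(\S+)", c["description"])
        kx.add(m.group(1) if m else "?")
    return kx


def same_selection(spec_a, spec_b):
    """True when two cipher strings select exactly the same suites."""
    return cipher_names(spec_a) == cipher_names(spec_b)


if __name__ == "__main__":
    for a, b in (("EECDH+AESGCM", "ECDHE+AESGCM"), ("EDH+AESGCM", "DHE+AESGCM")):
        print(f"{a} == {b}: {same_selection(a, b)}  Kx={sorted(key_exchanges(a))}")
        for name in sorted(cipher_names(a)):
            print("   ", name)
```

Running the script prints True for both pairs, with Kx=['ECDH'] for the EECDH/ECDHE pair and Kx=['DH'] for the EDH/DHE pair; `openssl ciphers -v 'EECDH+AESGCM'` and `openssl ciphers -v 'ECDHE+AESGCM'` give the same lists from the command line. So a hardening document may use either spelling, but it should say which one it means and use it consistently, since administrators paste these strings verbatim into server configurations.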



