[Ach] bettercrypto.org using non-optimal crypto?

Alan Orth alan.orth at gmail.com
Mon Jul 7 15:32:42 CEST 2014


Hey, all.

I was just curious and checked the negotiated cipher suite used for
bettercrypto.org, and I was a bit surprised to see that my Chrome 35 in
GNU/Linux negotiated AES_256_CBC for encryption and SHA1 for message
authentication.

SSL Labs gives an A+, but this doesn't seem optimal.  AES-CBC is
vulnerable to padding oracle attacks and SHA1 is a dubious hashing
algorithm by 2014 standards.

Regards,

-- 
Alan Orth
alan.orth at gmail.com
http://alaninkenya.org
http://mjanja.co.ke
"I have always wished for my computer to be as easy to use as my
telephone; my wish has come true because I can no longer figure out how
to use my telephone." -Bjarne Stroustrup, inventor of C++
GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bettercrypto-ciphers.png
Type: image/png
Size: 182234 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140707/afb11a0d/attachment.png>
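
As an added example that is not part of the original message: a small Python helper that maps OpenSSL-style cipher suite names to their record protection and MAC, so a negotiated suite can be checked for the two properties questioned above (CBC mode, SHA-1 based MAC). The function names and the sample suite names are assumptions made for illustration; `negotiated()` reports what this Python client negotiates, which can differ from what a browser gets.

```python
import socket
import ssl
import sys

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
HMACS = {"SHA": "HMAC-SHA1", "SHA256": "HMAC-SHA256",
         "SHA384": "HMAC-SHA384", "MD5": "HMAC-MD5"}

def classify(name):
    """Map an OpenSSL-style suite name to (record protection, record MAC)."""
    parts = name.upper().replace("_", "-").split("-")
    if any(p.startswith(AEAD_MARKERS) for p in parts):
        # AEAD suites have no separate HMAC; the trailing hash is for the PRF/HKDF.
        return ("AEAD", "integrated")
    mac = HMACS.get(parts[-1], "unknown")
    if "NULL" in parts:
        return ("none", mac)
    if "RC4" in parts:
        return ("stream", mac)
    # OpenSSL names omit the mode: AES256-SHA is AES-256-CBC with HMAC-SHA1.
    return ("CBC", mac)

def concerns(name):
    """List which of the two properties raised in the message apply."""
    mode, mac = classify(name)
    found = []
    if mode == "CBC":
        found.append("CBC mode")
    if mac == "HMAC-SHA1":
        found.append("SHA-1 based record MAC")
    return found

def negotiated(host, port=443):
    """Return the suite this client negotiates; other clients may get another."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()[0]

# Constructed sample names, not taken from the message or its screenshot.
SAMPLES = ["ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES256-SHA384",
           "ECDHE-RSA-AES128-GCM-SHA256", "TLS_CHACHA20_POLY1305_SHA256"]

if __name__ == "__main__":
    # With host arguments, check live connections; otherwise use the samples.
    names = [negotiated(h) for h in sys.argv[1:]] or SAMPLES
    for n in names:
        print(n, classify(n), concerns(n) or "neither")
```

Run without arguments it classifies the constructed samples; pass one or more hostnames to classify the suite actually negotiated with each.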