[Ach] bettercrypto.org using non-optimal crypto?
azet at azet.org
Mon Jul 7 16:09:52 CEST 2014
Alan Orth wrote:
> Hey, all.
> I was just curious and checked the negotiated cipher suite used for
> bettercrypto.org, and I was a bit surprised to see that my Chrome 35 in
> GNU/Linux negotiated AES_256_CBC for encryption and SHA1 for message
Yup. That's up to Chrome. Not sure why it doesn't negotiate for AES-GCM
> SSL Labs gives an A+, but this doesn't seem optimal. AES-CBC is
> vulnerable to padding oracle attacks and SHA1 is a dubious hashing
> algorithm by 2014 standards.
It negotiated TLS 1.2; padding oracle attacks in TLS have been fixed
with TLS 1.1. So that's not a real concern. I agree that SHA-1 is
inferior. As HMAC it should be OK though. But I strongly agree that this
should be improved in our recommended cipherstring (as I've noted before
on the list).
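The thread boils down to reading what a cipher-suite name says about mode, MAC and key exchange and then ordering suites so AEAD (GCM, ChaCha20-Poly1305) and forward-secret key exchange come first. The following is an added example written for this archive page, not code from the Ach list or from bettercrypto.org: it parses IANA-style suite names (a constructed sample list, not the suites bettercrypto.org actually offered), flags CBC mode, HMAC-SHA1 integrity and non-forward-secret key exchange, and returns the list in the preference order the reply argues for. The parse rule and the ranking key are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: suite names a server might offer, deliberately unordered.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]

# Assumed name layout: TLS_<kx>_WITH_<cipher>_<hash>. The trailing hash is the
# HMAC for CBC suites but only the PRF hash for AEAD suites (no separate MAC).
_SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>SHA\d*)$")


@dataclass(frozen=True)
class Suite:
    name: str
    kx: str      # key exchange / authentication, e.g. "ECDHE_RSA"
    cipher: str  # bulk cipher and mode, e.g. "AES_256_CBC"
    mac: str     # trailing hash: "SHA" (SHA-1), "SHA256", "SHA384"

    @property
    def aead(self) -> bool:
        return "GCM" in self.cipher or "POLY1305" in self.cipher

    @property
    def cbc(self) -> bool:
        return "CBC" in self.cipher

    @property
    def forward_secret(self) -> bool:
        return self.kx.startswith(("ECDHE_", "DHE_"))

    @property
    def sha1_mac(self) -> bool:
        # Only non-AEAD suites carry an HMAC; "SHA" with no digit means SHA-1.
        return not self.aead and self.mac == "SHA"


def parse_suite(name: str) -> Suite:
    """Split an IANA-style suite name into its components."""
    m = _SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised suite name: {name}")
    return Suite(name, m.group("kx"), m.group("cipher"), m.group("mac"))


def concerns(suite: Suite) -> list:
    """Return the weaknesses a reviewer would flag for this suite."""
    out = []
    if suite.cbc:
        out.append("CBC mode: MAC-then-encrypt, relies on TLS >= 1.1 padding countermeasures")
    if suite.sha1_mac:
        out.append("HMAC-SHA1 integrity")
    if not suite.forward_secret:
        out.append("no forward secrecy (static RSA key exchange)")
    return out


def prefer_order(names: list) -> list:
    """Stable-sort suite names: forward secrecy first, then AEAD, then non-SHA-1 MAC."""
    suites = [parse_suite(n) for n in names]
    suites.sort(key=lambda s: (not s.forward_secret, not s.aead, s.sha1_mac))
    return [s.name for s in suites]


def audit(names: list) -> list:
    """(name, concerns) pairs in preference order; empty concerns means clean."""
    return [(n, concerns(parse_suite(n))) for n in prefer_order(names)]


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_SUITES):
        print(f"{name:48s} {'; '.join(issues) or 'ok'}")
```

Forward secrecy is ranked above AEAD on purpose, so an ECDHE CBC suite still sorts above a static-RSA GCM suite; swap the first two elements of the sort key if you weigh it the other way. The ordering is only a preference list for the server side; as the reply notes, which suite is actually used is still the client's negotiation.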