[Ach] bettercrypto.org using non-optimal crypto?
pepi.zawodsky at maclemon.at
Mon Jul 7 18:33:19 CEST 2014
On 07 Jul 2014, at 15:32, Alan Orth <alan.orth at gmail.com> wrote:
> I was just curious and checked the negotiated cipher suite used for
> bettercrypto.org, and I was a bit surprised to see that my Chrome 35 in
> GNU/Linux negotiated AES_256_CBC for encryption and SHA1 for message
Given the capabilities of Chrome this comes logically.
The exact cipher is: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)
Chrome only supports AES in GCM mode for 128-bit strength, but not 256 bits. This is the reason why Chrome trickles down to the cipher that is eventually used. The site doesn't support any 128-bit ciphers.
BEAST is not exploitable in TLS 1.2.
LUCKY13 is exploitable but considered quite impractical.
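
The fallback described in the message above, as an added example that is not part of the original post: a small model of cipher-suite selection showing how a client with GCM only at 128 bits and a server with 256-bit suites only end up on TLS_DHE_RSA_WITH_AES_256_CBC_SHA. Both suite lists are constructed for illustration (not captured from Chrome 35 or bettercrypto.org), and selection by server preference order is an assumption.

```python
import re

# Constructed lists for illustration: not captured from Chrome 35 or bettercrypto.org.
# Client: AES-GCM only at 128 bits; AES-256 only in CBC mode.
CLIENT_OFFER = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]
# Server: 256-bit suites only, listed in preference order.
SERVER_PREF = [
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
]

SUITE_RE = re.compile(
    r"^TLS_(?P<kx>\w+?)_WITH_AES_(?P<bits>\d+)_(?P<mode>GCM|CBC)_(?P<hash>SHA\d*)$")

def parse(suite):
    """Split an AES suite name into key exchange, key size, mode and hash."""
    m = SUITE_RE.match(suite)
    if m is None:
        raise ValueError("unsupported suite name: " + suite)
    d = m.groupdict()
    d["bits"] = int(d["bits"])
    d["aead"] = d["mode"] == "GCM"  # in GCM suites the hash is the PRF, not a record MAC
    return d

def negotiate(server_pref, client_offer):
    """Assumed server-preference selection: first server suite the client also offers."""
    offered = set(client_offer)
    return next((s for s in server_pref if s in offered), None)

def unmatched_aead(server_pref, client_offer):
    """Server AEAD suites skipped because the client does not offer them."""
    offered = set(client_offer)
    return [s for s in server_pref if parse(s)["aead"] and s not in offered]

if __name__ == "__main__":
    chosen = negotiate(SERVER_PREF, CLIENT_OFFER)
    print("negotiated:", chosen, parse(chosen))
    print("AEAD suites the client lacked:", unmatched_aead(SERVER_PREF, CLIENT_OFFER))
    with_128 = ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"] + SERVER_PREF
    print("if the server also allowed 128-bit GCM:", negotiate(with_128, CLIENT_OFFER))
```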