[Ach] Cipher List Notes

femir at qweepi.de femir at qweepi.de
Tue Nov 15 00:33:52 CET 2016

>> There is a key missunderstanding here. Having a broken random number
>> generator is the worst case scenario. But having a number generator with
>> a minor flaw, will not affect RSA keys, while it will breakt DSA keys.
> But with forward secrecy new keys are generated for each session in
> which case even RSA keys could be cracked faster than brute force even
> if the long term key wasn't cracked and was generated on a machine with
> a proper generator.

A single key for a single session, maybe (although as I understand it
RSA is not as easily affected in this case either).
But while with RSA only a session key will be compromised, with (EC)DSA,
the longterm DSA key for authentication will be cracked as well.

I don't know the chance, they will be lower but lets say one in a
thousand operations uses weak randomness.
That would only affect 0.1% of all users of the server with RSA.

Assuming your server has a thousand connections per hour, after that
time everyone will be compromised when DSA is used.

But lets assume there are mitigation that reduce the chance of this
happening to a minimum, making it unlikely to ever occur in 100 years.
It will still be an unneccessary risk.
No idea how low the chances really are.

More information about the Ach mailing list