[Ach] Cipher List Notes
alice at librelamp.com
Tue Nov 15 23:01:43 CET 2016
On 11/14/2016 03:33 PM, femir at qweepi.de wrote:
>>> There is a key missunderstanding here. Having a broken random number
>>> generator is the worst case scenario. But having a number generator with
>>> a minor flaw, will not affect RSA keys, while it will breakt DSA keys.
>> But with forward secrecy new keys are generated for each session in
>> which case even RSA keys could be cracked faster than brute force even
>> if the long term key wasn't cracked and was generated on a machine with
>> a proper generator.
> A single key for a single session, maybe (although as I understand it
> RSA is not as easily affected in this case either).
> But while with RSA only a session key will be compromised, with (EC)DSA,
> the longterm DSA key for authentication will be cracked as well.
> I don't know the chance, they will be lower but lets say one in a
> thousand operations uses weak randomness.
> That would only affect 0.1% of all users of the server with RSA.
> Assuming your server has a thousand connections per hour, after that
> time everyone will be compromised when DSA is used.
> But lets assume there are mitigation that reduce the chance of this
> happening to a minimum, making it unlikely to ever occur in 100 years.
> It will still be an unneccessary risk.
> No idea how low the chances really are.
My understanding the risk with ECDSA can be mitigated by using a
deterministic k and there is an RFC on it.
More information about the Ach