On Wed, 24 Aug 2016 19:24:22 +0200
Akendo <[email protected]> wrote:

> As far as I see this, when following the recommendation for servers like
> nginx or OpenVPN, 3DES is disabled and it should not be an issue,
> correct?

There's probably not a whole lot for the bettercrypto guide, yet this has some interesting aspects.

One that I think hasn't come up a lot before is limiting keepalive connections. We actually thought about that during writing the GCM nonce paper as well. Crypto attacks that require a lot of data to be encrypted *with the same key* can be effectively mitigated with a practically irrelevant performance hit if you limit requests over one connection to - let's say - 100 (like apache does).

What might also be interesting is looking into more unusual protocols that might still use blowfish or 3des. It was used in SSH, but lately OpenSSH has aggressively deprecated everything old.

These ciphers were more or less considered secure. While the block collision issue is not really new, it may not have been known so widely.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: [email protected]
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
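
Added example (not part of the original message): a birthday-bound estimate of why capping requests per connection helps against block collisions in 64-bit block ciphers such as 3DES and Blowfish. It assumes every new connection negotiates a fresh key; the response size and data volumes are constructed figures.

```python
import math

def collision_probability(bytes_under_one_key, block_bits=64):
    """Birthday approximation: chance that at least two ciphertext blocks
    produced under a single key are identical."""
    blocks = bytes_under_one_key // (block_bits // 8)
    exponent = blocks * (blocks - 1) / 2 ** (block_bits + 1)
    return -math.expm1(-exponent)  # 1 - e^(-x), accurate for tiny x

def bytes_for_probability(p, block_bits=64):
    """Data volume under one key at which the collision chance reaches p."""
    blocks = math.sqrt(2 ** (block_bits + 1) * -math.log1p(-p))
    return int(blocks) * (block_bits // 8)

def capped_connection_bytes(max_requests, avg_response_bytes):
    """Upper bound on data per key when the server closes the connection
    after max_requests. The cap counts requests, not bytes, so the bound
    is only as good as the assumed response size."""
    return max_requests * avg_response_bytes

if __name__ == "__main__":
    # Constructed figures: 64 KiB average response, cap of 100 requests
    capped = capped_connection_bytes(100, 64 * 1024)
    long_lived = 2 ** 35  # 32 GiB over one never-closed connection
    for label, size, bits in [
        ("3DES/Blowfish, capped at 100 requests", capped, 64),
        ("3DES/Blowfish, long-lived connection", long_lived, 64),
        ("AES, long-lived connection", long_lived, 128),
    ]:
        print(f"{label:40s} {size:>14d} B  p={collision_probability(size, bits):.3e}")
    print("64-bit blocks reach p=0.5 at", bytes_for_probability(0.5), "bytes")
```

Because the cap counts requests rather than bytes, a single very large response still runs under one key, so the estimate should be redone with the largest responses the server actually sends.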
