On 10/15/2014 1:15 PM, Mark Rotteveel wrote:
On 13-10-2014 16:23, Jim Starkey wrote:
Why on earth would someone authenticate with SRP then drop in TLS?
...

SRP/RC4 is robust, efficient, secure, and provides perfect forward
security.  TLS is none of these.

It would be worth your while to understand the nature of the RC4 weakness. The problem is not with RC4, per se, but key management. If you encrypt a large number of messages with closely related keys (as in WEP) or a large number of messages with the same key, you can reasonably expect trouble as the RC4 key scheduling algorithm is known to leak a tiny amount of information about the key. However, an SRP session key is a function of:

 * The account
 * The password
 * A session specific large random number generated on the server
 * A session specific large random number generated on the client
 * An account specific seed generated on the server when the original
   password verifier was computed.

A session key is never reused, hence the tiny bit of key leakage is insignificant.

So the larger question is, "If RC4 has a cloud over it for any reason, why not just use AES-128?" This has a very simple answer: Performance. I originally designed the NuoDB initial connect protocol to offer a choice of encryption protocols, including RC4, AES-128, and AES-256. When using AES-128 for all connections -- client and intra-server -- the "fast" AES code consumed about 85% of all cycles. RC4, on the other hand, used only 5 or 6%. In NuoDB, encryption is automatic with no option to turn it off; AES would have made the product quite uncompetitive.

There is a trend against RC4 in favor of AES, based on general ignorance, FUD, and inappropriate usage. But session specific keys generated with robust crypto are completely secure in RC4.

Personally, I believe that everything should be encrypted, always. Using practical, efficient, reasonable crypto makes this feasible. I doubt that any database system that made mandatory use of AES could ever succeed in the market.

But here's an interesting factoid for your software history buffs: The first chairman of the Interbase Users Group was a serving NSA officer. A nice thing about having NSA as a customer is that you don't get bug reports. Or if you do, you don't know it's from them.

If anyone is interested in a commentary on AES-128 vs. AES-256, I strongly recommend this article: http://blog.agilebits.com/2013/03/09/guess-why-were-moving-to-256-bit-aes-keys/ And, not only is the article good, the product behind it is very good indeed. Strong crypto, well used.
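The point made above about session keys can be checked directly: in SRP the shared secret depends on both sides' per-session random ephemerals as well as the account, password and enrollment-time salt, so two logins to the same account yield unrelated keys. The following is an added example, not code from this thread, Firebird or NuoDB; it implements the SRP-6a arithmetic with SHA-256 and assumes the 1024-bit MODP safe prime from RFC 2409 (group 2) as the group, which is an assumption for demonstration only.

```python
import hashlib
import secrets

# Group parameters are an assumption for this example: the 1024-bit MODP safe
# prime from RFC 2409 (group 2) with generator 2, not a production SRP group.
N = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
g = 2

def to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")

def H(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(to_bytes(N), to_bytes(g))   # SRP-6a multiplier k = H(N, g)

def private_x(account, password, salt):
    inner = hashlib.sha256(f"{account}:{password}".encode()).digest()
    return H(salt, inner)          # x = H(salt, H(account:password))

def make_verifier(account, password):
    """Run once at enrollment: per-account salt plus verifier v = g^x."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(account, password, salt), N)

def srp_session_key(account, password, salt, v):
    """One SRP exchange; returns the 32-byte session key both sides derive."""
    a = secrets.randbits(256) + 1                 # client ephemeral secret
    A = pow(g, a, N)                              # client -> server
    b = secrets.randbits(256) + 1                 # server ephemeral secret
    B = (k * v + pow(g, b, N)) % N                # server -> client
    u = H(to_bytes(A), to_bytes(B))               # scrambling parameter
    x = private_x(account, password, salt)        # client recomputes x
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    s_server = pow(A * pow(v, u, N), b, N)        # server never learns x
    if s_client != s_server:                      # wrong password lands here
        raise RuntimeError("SRP premaster secrets diverged")
    return hashlib.sha256(to_bytes(s_client)).digest()

def two_sessions_same_account(account="alice", password="correct horse"):
    """Same account, password, salt and verifier; two independent logins."""
    salt, v = make_verifier(account, password)
    k1 = srp_session_key(account, password, salt, v)
    k2 = srp_session_key(account, password, salt, v)
    return k1, k2
```

Because each key is a fresh 256-bit hash of a premaster secret that mixes both ephemerals, no two sessions ever hand the stream cipher the same or a related key, which is the precondition the RC4 key-scheduling attacks need.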

Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel