Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
Julien Vehent writes: > I would argue that our documents target server configurations, where > AES-NI is now a standard. It is not. Many sites run on virtuals, often using kvm. And most kvm sites provide a QEMU Virtual CPU which only supports sse2. And even without kvm, there is still a /lot/ of pre-aes-ni hardware in use. -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
On 5/01/14 18:27 PM, Kurt Roeckx wrote: On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote: 3DES isn't broken. Triple DES provides about 112bit security (We've a section on the topic in the Paper in the Keylenghts section). All ciphers that we recomend are at least at 128bit security. The document doesn't seem to say that it's trying to reach a 128 bit security level over the whole chain. It seems to be happy with 2048 bit RSA keys. They also provide 112 bit security. As others have mentioned, these aren't quite comparable. 3DES has an 8 byte block, which gives its own problems. AES is a stronger more modern algorithm. Key length isn't an exact proxy for security. Also, the setting of the RSA key is more driven by software capabilities and CA's capabilities & compliances with mountains of documents than anything else. Rather chalk & cheese, you can't just wind up the RSA key size by setting a param in config, more's the pity. iang If you really want to go for 128 bit, you need to have the RSA keys of at least something in the order of 3072 bit. If 2048 is fine, 3DES is fine. Kurt ___ Ach mailing list a...@lists.cert.at http://lists.cert.at/cgi-bin/mailman/listinfo/ach -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote: > > > 3DES isn't broken. > Triple DES provides about 112bit security (We've a section on the topic in > the Paper in the Keylenghts section). All ciphers that we > recomend are at least at 128bit security. The document doesn't seem to say that it's trying to reach a 128 bit security level over the whole chain. It seems to be happy with 2048 bit RSA keys. They also provide 112 bit security. If you really want to go for 128 bit, you need to have the RSA keys of at least something in the order of 3072 bit. If 2048 is fine, 3DES is fine. Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto