[146961] in cryptography@c2.net mail archive
Re: [Cryptography] What TLS ciphersuites are still OK?
daemon@ATHENA.MIT.EDU (james hughes)
Tue Sep 10 12:02:42 2013
X-Original-To: cryptography@metzdowd.com
In-reply-to: <CAHOTMVJk0zitB-qFrqK-JzDG-BDiHP_rEQ+wJfSjVr4dweRVrQ@mail.gmail.com>
From: james hughes <hughejp@mac.com>
Date: Tue, 10 Sep 2013 07:58:06 -0700
To: Tony Arcieri <bascule@gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
Ben Laurie <ben@links.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============3337703966922440315==
Content-transfer-encoding: 7bit
Content-type: multipart/alternative;
boundary=Apple-Mail-6AD303AA-A36D-4EDA-B0B3-5F6B09FBE808
--Apple-Mail-6AD303AA-A36D-4EDA-B0B3-5F6B09FBE808
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
On Sep 9, 2013, at 9:10 PM, Tony Arcieri <bascule@gmail.com> wrote:
> On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie <ben@links.org> wrote:
>> And the brief summary is: there's only one ciphersuite left that's good, a=
nd unfortunately its only available in TLS 1.2:
>>=20
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>=20
> A lot of people don't like GCM either ;)=20
Yes, GCM does have implementation sensitivities particularly around the IV g=
eneration. That being said, the algorithm is better than most and the implem=
entation sensitivity obvious (don't ever reuse an IV).=
--Apple-Mail-6AD303AA-A36D-4EDA-B0B3-5F6B09FBE808
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: 7bit
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><br></div><div><br>On Sep 9, 2013, at 9:10 PM, Tony Arcieri <<a href="mailto:bascule@gmail.com">bascule@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div dir="ltr">On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie <span dir="ltr"><<a href="mailto:ben@links.org" target="_blank" onclick="window.open('https://mail.google.com/mail/?view=cm&tf=1&to=ben@links.org&cc=&bcc=&su=&body=','_blank');return false;">ben@links.org</a>></span> wrote:<br>
<div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">
<div>And the brief summary is: there's only one ciphersuite left that's good, and unfortunately its only available in TLS 1.2:</div><div><br></div><div><pre style="font-size:1em;margin-bottom:0px;margin-top:0px">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</pre>
</div></div></blockquote><div><br></div><div>A lot of people don't like GCM either ;) </div></div></div></div></blockquote><br><div>Yes, GCM does have implementation sensitivities particularly around the IV generation. That being said, the algorithm is better than most and the implementation sensitivity obvious (don't ever reuse an IV).</div></body></html>
--Apple-Mail-6AD303AA-A36D-4EDA-B0B3-5F6B09FBE808--
--===============3337703966922440315==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============3337703966922440315==--
