[cryptography] DeCryptocat

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jul 5 01:39:59 EDT 2013


Nadim Kobeissi <nadim at nadim.cc> writes:

>AES-GCM is already prioritized over RC4, but unfortunately most browsers
>don't support AES-GCM yet, which is why RC4 remains as the secondary choice.
>In the case that AES-GCM is not supported, we use RC4 instead of AES-CBC in
>order to mitigate for BEAST. If you have alternate suggestions to this,
>please let me know.

This:

http://tools.ietf.org/html/draft-gutmann-tls-encrypt-then-mac-03

pretty much cancels out about ten years worth of attacks on SSL/TLS'
integrity-checking. The only downside is that browser support at the moment
isn't there yet, although a number of TLS toolkits already handle it.

Peter.


More information about the cryptography mailing list