[cryptography] DeCryptocat

Nadim Kobeissi nadim at nadim.cc
Fri Jul 5 12:37:08 EDT 2013

On 2013-07-05, at 6:14 PM, Douglas Huff <mith at jrbobdobbs.org> wrote:

> On Jul 4, 2013, at 22:09, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> Nadim Kobeissi:
>>> ...
>>> AES-GCM is already prioritized over RC4, but unfortunately most
>>> browsers don't support AES-GCM yet, which is why RC4 remains as the
>>> secondary choice. In the case that AES-GCM is not supported, we use
>>> RC4 instead of AES-CBC in order to mitigate for BEAST. If you have
>>> alternate suggestions to this, please let me know.
>> None of the browsers supported by the plugin, certainly not those which
>> support forward secrecy, should be vulnerable to the BEAST attack. I
>> believe that almost everyone is using 1/n-1 record splitting or
>> something that is functionally similar.
>>> We've just removed some of the more obsolete suites that use 3DES.
>>> They were unlikely to be used anyway due to their very low priority.
>> Are you sure? I'm still seeing SSL3 with RSA and RC4 in Chrome. If the
>> SSL key is taken tomorrow, my session from today is compromised...
>>>>> ...
>> Also, I'll ask again:
>> Do you know how many users are impacted? How many users are actually
>> choosing the forward secret protocols?
> I too am interested in why you're avoiding these questions?

Sorry, I wasn't meaning to avoid any questions. I simply forgot to answer them. It's best to assume good will from others on a discussion list.

I do not know how many users choose forward secret protocols, nor do I imagine there is a standardized or easy way to derive that knowledge. This is why private keys were reset, even though we use forward secrecy.


> -- 
> Douglas Huff
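Added example, not from this thread and not Cryptocat's own code: the question above about how many users actually end up on forward-secret suites can be answered from server-side logs, provided the server records the negotiated protocol and cipher for each request. The script below assumes an nginx log_format extended with $ssl_protocol and $ssl_cipher appended to the usual combined format (the format, the field positions and the log lines themselves are assumptions constructed for the example, not real traffic) and counts, by OpenSSL suite name, how many TLS requests used an ephemeral (EC)DH key exchange, how many still landed on RC4, and how the protocol versions break down.

```python
from collections import Counter

# Constructed sample lines (not real traffic) in an assumed nginx log_format:
# the combined format with " $ssl_protocol $ssl_cipher" appended.
# Plain-HTTP requests log "-" for both TLS fields.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Jul/2013:12:00:01 -0400] "GET / HTTP/1.1" 200 512 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
203.0.113.11 - - [05/Jul/2013:12:00:02 -0400] "GET / HTTP/1.1" 200 512 TLSv1 ECDHE-RSA-RC4-SHA
203.0.113.12 - - [05/Jul/2013:12:00:03 -0400] "GET / HTTP/1.1" 200 512 SSLv3 RC4-SHA
203.0.113.13 - - [05/Jul/2013:12:00:04 -0400] "GET / HTTP/1.1" 200 512 TLSv1.1 DHE-RSA-AES256-SHA
203.0.113.14 - - [05/Jul/2013:12:00:05 -0400] "GET / HTTP/1.1" 200 512 TLSv1 AES128-SHA
203.0.113.15 - - [05/Jul/2013:12:00:06 -0400] "GET / HTTP/1.1" 200 512 - -
"""

# OpenSSL suite-name prefixes that denote an ephemeral (EC)DH key exchange.
# Static ECDH-/DH- suites are not forward secret and anonymous A(EC)DH suites
# are unauthenticated, so neither is counted as forward secret here.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def parse_line(line):
    """Return (protocol, cipher) for a TLS request, or None for plain HTTP
    or a line that does not carry the two trailing TLS fields."""
    parts = line.rsplit(None, 2)
    if len(parts) < 3:
        return None
    proto, cipher = parts[1], parts[2]
    if proto == "-" or cipher == "-":
        return None
    return proto, cipher


def is_forward_secret(cipher):
    return cipher.startswith(FS_PREFIXES)


def uses_rc4(cipher):
    return "RC4" in cipher


def summarize(log_text):
    """Tally forward-secret, RC4, per-protocol and per-suite counts over a log."""
    stats = {
        "tls_total": 0,
        "non_tls": 0,
        "forward_secret": 0,
        "rc4": 0,
        "by_protocol": Counter(),
        "by_cipher": Counter(),
    }
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            stats["non_tls"] += 1
            continue
        proto, cipher = parsed
        stats["tls_total"] += 1
        stats["by_protocol"][proto] += 1
        stats["by_cipher"][cipher] += 1
        if is_forward_secret(cipher):
            stats["forward_secret"] += 1
        if uses_rc4(cipher):
            stats["rc4"] += 1
    return stats


def forward_secret_fraction(stats):
    """Share of TLS requests whose key exchange was ephemeral; 0.0 if no TLS."""
    if stats["tls_total"] == 0:
        return 0.0
    return stats["forward_secret"] / stats["tls_total"]


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("TLS requests:", s["tls_total"], "plain HTTP:", s["non_tls"])
    print("forward secret: %d (%.0f%%)" % (s["forward_secret"],
                                           100 * forward_secret_fraction(s)))
    print("RC4:", s["rc4"])
    for proto, n in sorted(s["by_protocol"].items()):
        print(" ", proto, n)
```

Run it against a real log with the same two fields appended and the ratio answers the question directly; a second pass over by_cipher shows which non-ephemeral suites (here the SSLv3 RC4-SHA and AES128-SHA lines) are still being negotiated and therefore which clients a key compromise would retroactively expose. Note that ECDHE-RSA-RC4-SHA counts as forward secret and as RC4 at the same time, which is why the two counters are kept separate.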
