[cryptography] the spell is broken

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Oct 4 03:52:28 EDT 2013


Jon Callas <jon at callas.org> writes:

>In Silent Text, we went far more to the "one true ciphersuite" philosophy. I
>think that Iang's writings on that are brilliant.

Absolutely.  The one downside is that you then need to decide what the OTS is
going to be.  For example Mozilla (at least via Firefox) seems to think it
involves Camellia (!!!?!!?).

>One True Suite works until that suite is no longer true, and then you're left
>hanging.

One way to deal with this that got discussed some time ago over dinner (dining 
geeks, not cryptographers) is to swap at random among a small number of 
probably-OK suites and/or algorithms, a sort of probabilistic-security defence 
against the OTS having a problem.  It's not like there's a shortage of them 
in... well, SSH, SSL/TLS, PGP, S/MIME, etc, anything really.

Peter.


More information about the cryptography mailing list