[cryptography] the spell is broken

Nico Williams nico at cryptonector.com
Fri Oct 4 18:19:34 EDT 2013


On Fri, Oct 4, 2013 at 4:58 PM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
> On 2013-10-04, at 4:24 AM, Alan Braggins <alan.braggins at gmail.com> wrote:
>
>> Surely that's precisely because they (and SSL/TLS generally) _don't_
>> have a One True Suite, they have a "pick a suite, any suite" approach?
>
> And for those of us having to choose between preferring BEAST and RC4
> for our webservers, it doesn’t look like we are really seeing the expected
> benefits of “negotiate a suite”.  I’m not trying to use this to condemn the
> approach; it’s a single example. But it’s a BIG single example.

That's because so many ciphersuites shared the same damned problems.

When we went through the chained CBC problems in SSHv2, at least we had
CTR modes to fall back on.

There's a lesson here.  I'll make it two for now:

a) algorithm agility *does* matter; those who say it's ETOOHARD should
do some penitence;

b) algorithm agility is useless if you don't have algorithms to choose
from, or if the ones you have are all in the same "family".

Nico
--
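As an added illustration of point (b) above (example code, not part of the post or of any SSH implementation): SSHv2-style algorithm negotiation, following the rule in RFC 4253 section 7.1 (the first name in the client's preference list that the server also lists wins), run over constructed preference lists of real SSHv2 cipher names. The "family" labels (cbc, ctr, stream) and the helper names are assumptions made here for the demonstration; they are not part of the protocol. The point it makes is the one in the post: dropping a broken family still negotiates a suite only if the peers' lists contained something outside that family.

```python
"""Added example (not from the mailing-list post): SSHv2-style cipher
negotiation, plus a check of how many cipher "families" the two peers
could actually fall back on once one family is declared broken."""

from typing import List, Optional, Set

# Constructed preference lists using real SSHv2 cipher names (RFC 4253/4344).
CLIENT_CIPHERS = ["aes128-cbc", "3des-cbc", "aes128-ctr", "arcfour"]
SERVER_CIPHERS = ["aes256-cbc", "aes128-cbc", "aes128-ctr", "aes256-ctr"]


def family(name: str) -> str:
    """Assumed family labelling for the demo: chained-CBC ciphers share one
    construction and hence one class of bugs, so they fall together."""
    if name.endswith("-cbc"):
        return "cbc"
    if name.endswith("-ctr"):
        return "ctr"
    if name.startswith("arcfour"):
        return "stream"
    return "other"


def negotiate(client: List[str], server: List[str]) -> Optional[str]:
    """RFC 4253 7.1: first client-preferred algorithm the server also offers."""
    server_set = set(server)
    for name in client:
        if name in server_set:
            return name
    return None  # no common algorithm: the connection fails


def disable_family(ciphers: List[str], broken: str) -> List[str]:
    """The response to a broken construction: remove every member of it."""
    return [c for c in ciphers if family(c) != broken]


def families_available(client: List[str], server: List[str]) -> Set[str]:
    """Families both peers can negotiate: the real measure of agility."""
    common = set(client) & set(server)
    return {family(c) for c in common}


def demo() -> dict:
    before = negotiate(CLIENT_CIPHERS, SERVER_CIPHERS)
    # CBC declared broken on both sides; CTR remains, so negotiation succeeds.
    client_fixed = disable_family(CLIENT_CIPHERS, "cbc")
    server_fixed = disable_family(SERVER_CIPHERS, "cbc")
    after = negotiate(client_fixed, server_fixed)
    # A client that only ever offered CBC: agility with nowhere to go.
    cbc_only_client = ["aes128-cbc", "3des-cbc"]
    stuck = negotiate(disable_family(cbc_only_client, "cbc"), server_fixed)
    return {
        "before": before,
        "after": after,
        "stuck": stuck,
        "families": families_available(CLIENT_CIPHERS, SERVER_CIPHERS),
    }


if __name__ == "__main__":
    print(demo())
```

Run stand-alone it prints the negotiated cipher before and after the CBC family is disabled, the failed negotiation for a CBC-only client, and the set of families the two peers had in common; a deployment whose `families` set has one element is the situation the post describes.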