[cryptography] the spell is broken

Erwann Abalea eabalea at gmail.com
Sat Oct 5 15:13:28 EDT 2013

2013/10/4 Paul Wouters <paul at cypherpunks.ca>

> [...]
> People forget the NSA has two faces. One side is good.  NIST and FIPS
> and NSA are all related. One lesson here might be, only use FIPS when
> the USG requires it. That said, a lot of FIPS still makes sense. I'm
> surely not going to stick with md5 or sha1.

We're still using HMAC-SHA1 for most TLS ciphersuites, RSA(MD5||SHA1) for
TLS signatures (until TLS1.2), and RSA(SHA1) to sign (EC)DHE parameters.
SHA1 is still there.

There are alternatives; it doesn't hurt to get them in place.

> Yes, like the IETF brainpool drafts.

RFC5639 standardized the curves, RFC7027 allows them to be used for TLS.
They're no longer drafts.
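The RSA(MD5||SHA1) construction and the HMAC-SHA1 suites the message refers to can be made concrete with a small script. The following is an added illustration, not code from the message or from any project it mentions: it builds the 36-byte signed input that TLS 1.0/1.1 use for RSA-signed ServerKeyExchange parameters (RFC 4346 section 7.4.3, MD5 and SHA-1 over the same data, concatenated), the single-hash input TLS 1.2 replaced it with (RFC 5246 section 7.4.3), and a classifier that picks out suites whose MAC or PRF still rests on MD5 or SHA-1 from a list of OpenSSL-style suite names. The handshake randoms, the `SERVER_PARAMS` bytes and the suite lists are constructed sample values; the suffix mapping is an assumption about OpenSSL naming conventions, not a library API.

```python
import hashlib
import re
import ssl

# Constructed sample values (not taken from the message): two 32-byte
# handshake randoms and placeholder ServerDHParams bytes (not a real group).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
SERVER_PARAMS = b"\x00\x02\x00\x05\x00\x01\x02\x00\x01\x04"


def tls11_signed_input(client_random, server_random, server_params):
    """TLS 1.0/1.1 (RFC 4346 section 7.4.3): for RSA signatures the value
    signed over the ServerKeyExchange parameters is MD5(data) || SHA1(data),
    36 bytes with no DigestInfo wrapper. This is the RSA(MD5||SHA1) scheme."""
    data = client_random + server_random + server_params
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()


def tls12_signed_input(client_random, server_random, server_params, hash_name="sha256"):
    """TLS 1.2 (RFC 5246 section 7.4.3): one negotiated hash over the same
    input, chosen through the signature_algorithms extension."""
    data = client_random + server_random + server_params
    return hashlib.new(hash_name, data).digest()


# Assumption about OpenSSL suite naming: the trailing token names the hash
# behind the HMAC (or, for AEAD and TLS 1.3 suites, the PRF/HKDF hash).
# A bare "SHA" suffix means SHA-1. Suites whose name carries no hash token
# (e.g. the CHACHA20-POLY1305 names) are reported as UNKNOWN rather than guessed.
_SUFFIXES = {"MD5": "MD5", "SHA": "SHA1", "SHA256": "SHA256", "SHA384": "SHA384"}


def suite_hash(name):
    """Map an OpenSSL-style suite name to the hash its MAC/PRF depends on."""
    return _SUFFIXES.get(re.split(r"[-_]", name)[-1], "UNKNOWN")


def legacy_hash_suites(names):
    """Return the suites in `names` that still rely on MD5 or SHA-1."""
    return [n for n in names if suite_hash(n) in ("MD5", "SHA1")]


def audit_local_defaults():
    """List the suites Python's default TLS context would still negotiate with
    an MD5- or SHA-1-based MAC. Result depends on the local OpenSSL build."""
    names = [c["name"] for c in ssl.create_default_context().get_ciphers()]
    return legacy_hash_suites(names)


if __name__ == "__main__":
    old = tls11_signed_input(CLIENT_RANDOM, SERVER_RANDOM, SERVER_PARAMS)
    new = tls12_signed_input(CLIENT_RANDOM, SERVER_RANDOM, SERVER_PARAMS)
    print("TLS 1.0/1.1 RSA signed input (%d bytes): %s" % (len(old), old.hex()))
    print("TLS 1.2 SHA-256 signed input (%d bytes): %s" % (len(new), new.hex()))
    # Constructed sample list, covering the shapes the classifier understands.
    sample = ["ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
              "RC4-MD5", "TLS_AES_256_GCM_SHA384"]
    print("Sample suites still on MD5/SHA-1:", legacy_hash_suites(sample))
    print("Local default context still on MD5/SHA-1:", audit_local_defaults())
```

The first output line shows why "until TLS1.2" matters: before 1.2 the signature input is the raw 16+20 byte concatenation with no way to negotiate anything stronger, whereas in 1.2 the hash is a parameter. The classifier is deliberately conservative and only names a hash when the suite name states it.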
