[cryptography] the spell is broken
eabalea at gmail.com
Sat Oct 5 15:13:28 EDT 2013
2013/10/4 Paul Wouters <paul at cypherpunks.ca>
> People forget the NSA has two faces. One side is good. NIST and FIPS
> and NSA are all related. One lesson here might be, only use FIPS when
> the USG requires it. That said, a lot of FIPS still makes sense. I'm
> surely not going to stick with md5 or sha1.
We're still using HMAC-SHA1 for most TLS ciphersuites, RSA(MD5||SHA1) for
TLS signatures (until TLS1.2), and RSA(SHA1) to sign (EC)DHE parameters.
SHA1 is still there.
There are alternatives; it doesn't hurt to get them in place.
> Yes, like the IETF brainpool drafts.
RFC5639 standardized the curves, RFC7027 allows them to be used for TLS.
They're no longer drafts.
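To make the two SHA-1 dependencies named above concrete, here is an added example that is not part of the thread or of any TLS implementation. It does two things: classifies cipher-suite names (OpenSSL or IANA spelling) by the record-layer MAC they use, so a defender can see which suites in a configuration still rely on HMAC-SHA1, and builds the MD5||SHA1 digest that TLS 1.0/1.1 sign with RSA over the ServerKeyExchange parameters (client_random || server_random || params, per RFC 4346 7.4.3). The suite names, the hypothetical parameter bytes and the function names are constructed for illustration; the optional local audit uses only the Python standard library's ssl module.

```python
import hashlib
import ssl

# Record-layer MAC implied by a cipher-suite name. AEAD suites (GCM, CCM,
# ChaCha20-Poly1305) carry no HMAC at all; the trailing SHA256/SHA384 in
# their names only selects the TLS 1.2 PRF. Non-AEAD suites name their
# HMAC hash as the last token, where a bare "SHA" means SHA-1.
def record_mac(suite_name):
    n = suite_name.upper().replace("_", "-")
    if any(tok in n for tok in ("GCM", "CCM", "POLY1305")):
        return "AEAD"
    for suffix, mac in (("-SHA384", "HMAC-SHA384"),
                        ("-SHA256", "HMAC-SHA256"),
                        ("-SHA", "HMAC-SHA1"),
                        ("-MD5", "HMAC-MD5")):
        if n.endswith(suffix):
            return mac
    return "unknown"


# Names from a list of suites that still rely on HMAC-SHA1 for the record MAC.
def sha1_mac_suites(suite_names):
    return [s for s in suite_names if record_mac(s) == "HMAC-SHA1"]


# Input to the RSA signature on ServerKeyExchange in TLS 1.0/1.1 (RFC 4346
# 7.4.3): MD5 and SHA-1 of the same data, concatenated into 36 bytes, then
# PKCS#1 v1.5 signed with no DigestInfo. TLS 1.2 replaced this with a single
# negotiated hash. In real TLS both randoms are 32 bytes; not enforced here
# so the function can be exercised with short test vectors.
def legacy_rsa_signature_input(client_random, server_random, server_params):
    data = client_random + server_random + server_params
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()


# Audit of the local OpenSSL default list exposed by Python's ssl module.
# The result depends on the installed OpenSSL, so it is only printed, not tested.
def local_sha1_mac_suites():
    ctx = ssl.create_default_context()
    return sorted(sha1_mac_suites(c["name"] for c in ctx.get_ciphers()))


if __name__ == "__main__":
    # Constructed sample list mixing OpenSSL and IANA spellings.
    sample = [
        "ECDHE-RSA-AES128-SHA",                  # HMAC-SHA1
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",    # HMAC-SHA1 (IANA name)
        "ECDHE-RSA-AES128-SHA256",               # HMAC-SHA256
        "ECDHE-RSA-AES128-GCM-SHA256",           # AEAD, SHA256 is the PRF
        "TLS_AES_256_GCM_SHA384",                # TLS 1.3 AEAD
        "RC4-MD5",                               # HMAC-MD5
    ]
    for s in sample:
        print(f"{s:40s} {record_mac(s)}")
    print("still on HMAC-SHA1:", sha1_mac_suites(sample))
    print("local OpenSSL defaults on HMAC-SHA1:", local_sha1_mac_suites())
    # Hypothetical 32-byte randoms and DH parameter bytes, constructed here.
    digest = legacy_rsa_signature_input(bytes(32), bytes(range(32)), b"dh-params")
    print("TLS 1.0/1.1 RSA signature input:", len(digest), "bytes", digest.hex())
```

The classifier deliberately treats the hash token of an AEAD suite as the PRF rather than a MAC, which is the distinction that matters when deciding whether a suite actually depends on HMAC-SHA1.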