In some cases toy key sizes are necessary. E.g., classes where your students break encryption because the keys are weak or small.
Regards,
Uri

> On Oct 12, 2020, at 19:42, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
> Ilari Liusvaara <ilariliusva...@welho.com> writes:
>
>> The Diffie-Hellman support in TLS 1.2 is severely broken. There is no way to
>> use it safely on client side. This has led to e.g., all the web browsers to
>> remove support for it.
>
> It's actually pretty simple, don't use toy key sizes. Many implementations
> were never vulnerable to Logjam et al because they applied the simple measure
> of... not using toy key sizes.
>
>> There is no way to ensure that the parameters sent are not totally broken,
>> e.g.:
>
> This requires that the server that you're connecting to is malicious. If
> you're connecting to a malicious server then you've got bigger things to worry
> about than what they set g to.
>
>> This has led to e.g., all the web browsers to remove support for it.
>
> Because throwing out the baby with the bathwater and jumping on the next shiny
> thing that comes along every time someone points out a problem seems to be a
> requirement for crypto protocol implementers.
>
> Peter.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
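
A client-side check along the lines discussed in this thread, as an added example that is not code from any of the participants or from a TLS library: it parses the `ServerDHParams` fields (`dh_p`, `dh_g`, `dh_Ys`) of a TLS 1.2 ServerKeyExchange and rejects small moduli and out-of-range values. The 2048-bit floor, the function names and the sample parameters are assumptions; these checks do not establish that `dh_p` is prime or that `dh_g` generates a large subgroup.

```python
import struct

MIN_P_BITS = 2048  # assumed policy floor; the thread itself names no number

class DHParamError(ValueError):
    pass

def _read_opaque16(buf, off):
    # One opaque<1..2^16-1> vector: 2-byte big-endian length, then the value.
    if off + 2 > len(buf):
        raise DHParamError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise DHParamError("bad vector length")
    return int.from_bytes(buf[off:off + n], "big"), off + n

def check_server_dh_params(buf, min_bits=MIN_P_BITS):
    """Parse dh_p, dh_g, dh_Ys and apply size and range checks.
    Bytes after dh_Ys (the signature) are not parsed here."""
    p, off = _read_opaque16(buf, 0)
    g, off = _read_opaque16(buf, off)
    ys, off = _read_opaque16(buf, off)
    if p.bit_length() < min_bits:
        raise DHParamError(f"modulus is {p.bit_length()} bits, below {min_bits}")
    if p % 2 == 0:
        raise DHParamError("even modulus")
    if not 1 < g < p - 1:
        raise DHParamError("generator out of range")
    if not 1 < ys < p - 1:
        raise DHParamError("server public value out of range")
    return p, g, ys

def verdict(buf):
    # Hypothetical helper: "ok" or the reason the parameters were rejected.
    try:
        check_server_dh_params(buf)
        return "ok"
    except DHParamError as e:
        return str(e)

def encode(p, g, ys):
    # Build constructed test input in the same wire layout.
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed sample: BIG_P only has the right size and parity, it is not a vetted prime.
BIG_P = (1 << 2047) | 1
if __name__ == "__main__":
    print(verdict(encode(23, 5, 8)))      # toy modulus
    print(verdict(encode(BIG_P, 2, 4)))   # passes size and range checks only
```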