-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I know approximately zip about crypto, but AES was selected as the > replacement for DES back in 2000 & it seems like DES has always lived > under the cloud of "did NSA deliberately weaken it?" So why keep it > around? It's not like there are no alternatives..
That was the initial worry, but hasn't it since been shown that NSA strengthened DES against a type of attack only they knew about? http://en.wikipedia.org/wiki/National_Security_Agency#Data_Encryption_Standard Cheers Ramo On Mon, Oct 07, 2013 at 05:55:57PM -0400, Lee wrote: > On 10/7/13, grarpamp <[email protected]> wrote: > > On Mon, Oct 7, 2013 at 3:58 PM, Lee <[email protected]> wrote: > >> Isn't it time to quit using DES? > >> > >> Finally gave TBB a try (version 2.3.25-13), seems to me that the > >> firefox component needs a lot of hardening. > >> > >> https://www.mikestoolbox.org/ > > > > This may be a function of the crypto library on your box (if dynamic), > > rather than the supplied firefox itself (which it would be if static). > > I don't have TBB handy. > > Sure seems to be a function of firefox. Enter about:config in the > url bar, enter security.ssl in the search bar, double-click lines > containing 'des' to change the pref to false, revisit > https://www.mikestoolbox.org/ > > > > printf 'GET / HTTP/1.0\n\n' \ > > | openssl_101e s_client -connect www.mikestoolbox.org:https -ign_eof > > DHE-RSA-AES256-SHA256 > > > > 0.9.8x: DHE-RSA-AES256-SHA > > > > And that particular toolbox doesn't seem to support certain suites, ie: > > ECDHE-RSA-AES256-GCM-SHA384: handshake failure > > The point was showing the ciphers supported by the browser. For this > case, I don't care what ciphers the server supports. > > >> Client Cipher Suites: > > > > 3DES is probably not least of note as all posted were SHA1 or lesser. > > Which means? > > I know approximately zip about crypto, but AES was selected as the > replacement for DES back in 2000 & it seems like DES has always lived > under the cloud of "did NSA deliberately weaken it?" So why keep it > around? It's not like there are no alternatives.. > > Regards, > Lee > -- > tor-talk mailing list - [email protected] > To unsusbscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJSU0HTAAoJEAXQWoW8lug/cEoH/jlbAPvugbCvymwVJZdHfmMh h6xNJ/z9yazn+A+1eYLX8C4k+J4mvpnNs2SAHQ6kUZ8vX9H1O/9OOrVFx/c4QwUr 17h1orqwiaSqW8KnhPOhYstkWsiGYq3IUNkhn0MGRWIUf/TqUJ2F9xEz0xbG+1iT fHJGDgssGvW2PtKVVHJBooGZ4XwL6Y5I/aYasedXFWsh4cE7uWw8MwE6kCmyQQy0 SoymE5gEFa12J0bhyZC1iPWchmdSGag+w0mcY4H/12QH9pROsIiekoYjTEJv14q9 bF3FttYNayS/JKJerZRTFA625mz7GYihZF9vYoLjwGBW0flpM3SabRIIZVGxAyE= =C6j/ -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
