On 10/7/13, Yawning Angel <[email protected]> wrote: > * Lee <[email protected]> [2013-10-07 15:58:19 -0400]: >> Isn't it time to quit using DES? >> >> Finally gave TBB a try (version 2.3.25-13), seems to me that the >> firefox component needs a lot of hardening. > > DES != 3DES, and supporting 3DES suites is standard across major browsers.
Right. But is it still safe to use? > Additionally, having support for something does not mean that it will be used but if it's turned off/disabled then I'm sure it won't be used > (unless the webserver on the remote end is horrifically misconfigured, any > one > of the other CipherSuites sent in the ClientHello will be negotiated over > the > 3DES suites). Who checks to see if the web server on the remote end is horrifically misconfigured? Not me.. > Considering that there are far better ways of attacking a TBB user than > attacking the bulk cryptography I'm really failing to see the issue here. My question is if there's a good reason to keep 3DES, not is there some better way of attacking TBB users. So... if you're visiting a web site that does only 3DES encryption, is that good enuf or do you say no thanks & go elsewhere? Regards, Lee -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
