Search Mailing List Archives
[liberationtech] Feds put heat on Web firms for master encryption keys
jna at retina.net
Thu Jul 25 13:43:34 PDT 2013
The reason why Twitter, Google, and other companies went to RC4 is because
of issues with AES. The CBC and known IV attacks permitted BEAST to occur.
RC4 was the safest way out.
Even then, RC4 can be broken. In short, no one on the Internet is running
SSL in a way that cannot be broken. Although, we have to be careful about
use of the word 'broken' here. Broken means: There is a known attack
against the cipher, which, given enough time, may work against your target.
As an industry, we need to move to AES/GCM and TLS1.2 as soon as possible,
but, for many people, the current level of security is adequate.
On Thu, Jul 25, 2013 at 1:26 PM, Florian Weimer <fw at deneb.enyo.de> wrote:
> > Google also declined to disclose whether it had received requests
> > for encryption keys. But a spokesperson said the company has "never
> > handed over keys" to the government,
> Surely they have provided hard disk images containing key material to
> aid government investigations related to themselves or their
> employees? Certainly, the key material wouldn't be the focus of the
> data sharing in such cases, but saying that it never happened is a bit
> of a stretch.
> But this pressure finally explains why Google would prefer ephemeral
> DH (for perfect forward secrecy) with RC4 over AES without it:
> This didn't make much sense at the time because is by far
> weakest-looking cipher in wide use. But if Google faced demands to
> disclose the private keys used by their TLS servers to enable passive
> eavesdropping, switching on perfect forward secrecy might counteract
> these demands.
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech