[ale] Will we have any encryption left?
- Subject: [ale] Will we have any encryption left?
- From: djpfulio at jdpfu.com (DJ-Pfulio)
- Date: Wed, 6 Jan 2016 11:23:19 -0500
On 01/06/2016 10:55 AM, Alex Carver wrote:
> http://arstechnica.com/security/2016/01/fatally-weak-md5-function-torpedoes-crypto-protections-in-https-and-ipsec/
>
> (The referenced paper is embargoed behind a password at the moment)
>
> I believe after Heartbleed and Poodle I have purged MD5 but now I'm not
> sure. Have to wait for the paper to open up again and find out.

I had assumed HTTPS was broken for the last 8 yrs. Anything that can be
modified by a government as part of the core solution cannot be trusted. HTTPS
depends on 2 things - trusted encryption and trusted DNS. DNS hasn't been
trustworthy ... er ... ever, so until DNSSEC is deployed world-wide, HTTPS
cannot be trusted.

OTOH, it is good-enough to buy stuff online, mostly. ;)

If you need perfect security, don't put it on a computer that has any
networking - wired, wifi, Bluetooth possible and use dm-crypt with a
non-government-approved, strong, encryption cipher.

IMHO.