Mailing List Archive
tlug.jp Mailing List tlug archive tlug Mailing List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Good Overview Of What Is Still Secure?
- Date: Thu, 12 Sep 2013 09:43:43 +0900
- From: Darren Cook <firstname.lastname@example.org>
- Subject: Re: [tlug] Good Overview Of What Is Still Secure?
- References: <522D26F5.email@example.com> <firstname.lastname@example.org> <email@example.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130330 Thunderbird/17.0.5
>> > Any suggestions for a good, up to date article that describes what is >> > potentially compromised, and what is still secure? >> >> Not off hand. The RISKs folks, Bruce Schneier's blog, stuff like that >> would be where I'd look. > > Also this http://blog.cryptographyengineering.com/2013/09/on-nsa.html, > the whole blog is worth reading. > ... > https://www.imperialviolet.org/2013/06/27/botchingpfs.html Thanks (and to Stephen). I spent some time yesterday working through these; also the slashdot thread . I got a good idea, but the dust on the conclusions hasn't settled yet (e.g. the imperialviolet page says how much better ECDHE is than DHE, but the "EC" is the elliptic curves that hackers might have a compromise for). Darren : http://yro.slashdot.org/story/13/09/05/1951204/nsa-foils-much-internet-encryption (I found this useful for pointing out that the CAs don't get the private keys, it is all kept browser-side, and also that a man-in-the-middle attack would be too easily noticed.)
- Re: [tlug] Good Overview Of What Is Still Secure?
- From: Nikolay Elenkov
Home | Main Index | Thread Index
- Prev by Date: Re: [tlug] Good Overview Of What Is Still Secure?
- Next by Date: Re: [tlug] Good Overview Of What Is Still Secure?
- Previous by thread: Re: [tlug] Good Overview Of What Is Still Secure?
- Next by thread: Re: [tlug] Good Overview Of What Is Still Secure?
Home Page Mailing List Linux and Japan TLUG Members Links