<div dir="ltr"><div>Rot13 FTW!<br><br></div>-- CHS<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 6, 2016 at 11:23 AM, DJ-Pfulio <span dir="ltr"><<a href="mailto:djpfulio@jdpfu.com" target="_blank">djpfulio@jdpfu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 01/06/2016 10:55 AM, Alex Carver wrote:<br>
> <a href="http://arstechnica.com/security/2016/01/fatally-weak-md5-function-torpedoes-crypto-protections-in-https-and-ipsec/" rel="noreferrer" target="_blank">http://arstechnica.com/security/2016/01/fatally-weak-md5-function-torpedoes-crypto-protections-in-https-and-ipsec/</a><br>
><br>
> (The referenced paper is embargoed behind a password at the moment)<br>
><br>
> I believe after Heartbleed and Poodle I have purged MD5 but now I'm not<br>
> sure. Have to wait for the paper to open up again and find out.<br>
<br>
</span>I had assumed HTTPS was broken for the last 8 yrs. Anything that can be<br>
modified by a government as part of the core solution cannot be trusted. HTTPS<br>
depends on 2 things - trusted encryption and trusted DNS. DNS hasn't been<br>
trustworthy ... er ... ever, so until DNSSEC is deployed world-wide, HTTPS<br>
cannot be trusted.<br>
<br>
OTOH, it is good-enough to buy stuff online, mostly. ;)<br>
<br>
If you need perfect security, don't put it on a computer that has any networking<br>
- wired, wifi, Bluetooth possible and use dm-crypt with a<br>
non-government-approved, strong, encryption cipher.<br>
<br>
IMHO.<br>
<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br></div>