[ale] Will we have any encryption left?

Charles Shapiro hooterpincher at gmail.com
Thu Jan 7 09:59:06 EST 2016


Rot13 FTW!

-- CHS

On Wed, Jan 6, 2016 at 11:23 AM, DJ-Pfulio <djpfulio at jdpfu.com> wrote:

> On 01/06/2016 10:55 AM, Alex Carver wrote:
> > http://arstechnica.com/security/2016/01/fatally-weak-md5-function-torpedoes-crypto-protections-in-https-and-ipsec/
> >
> > (The referenced paper is embargoed behind a password at the moment)
> >
> > I believe after Heartbleed and Poodle I have purged MD5 but now I'm not
> > sure.  Have to wait for the paper to open up again and find out.
>
> I had assumed HTTPS was broken for the last 8 yrs.  Anything that can be
> modified by a government as part of the core solution cannot be trusted.
> HTTPS depends on 2 things - trusted encryption and trusted DNS. DNS hasn't been
> trustworthy ... er ... ever, so until DNSSEC is deployed world-wide, HTTPS
> cannot be trusted.
>
> OTOH, it is good-enough to buy stuff online, mostly. ;)
>
> If you need perfect security, don't put it on a computer that has any
> networking - wired, wifi, Bluetooth possible and use dm-crypt with a
> non-government-approved, strong, encryption cipher.
>
> IMHO.