[Cryptography] The One True Cipher Suite

Mon, 09 Sep 2013 06:01:29 -0700 

On 9/09/13 02:16 AM, james hughes wrote:


I am honestly curious about the motivation not to choose more secure modes that 
are already in the suites?



Something I wrote a bunch of years ago seems apropos, perhaps minimally 
as a thought experiment:




Hypothesis #1 -- The One True Cipher Suite



In cryptoplumbing, the gravest choices are apparently on the nature of 
the cipher suite. To include latest fad algo or not? Instead, I offer 
you a simple solution. Don't.


    There is one cipher suite, and it is numbered Number 1.


Cypersuite #1 is always negotiated as Number 1 in the very first 
message. It is your choice, your ultimate choice, and your destiny. Pick 
well.



If your users are nice to you, promise them Number 2 in two years. If 
they are not, don't. Either way, do not deliver any more cipher suites 
for at least 7 years, one for each hypothesis.


           And then it all went to pot...


We see this with PGP. Version 2 was quite simple and therefore stable -- 
there was RSA, IDEA, MD5, and some weird padding scheme. That was it. 
Compatibility arguments were few and far between. Grumbles were limited 
to the padding scheme and a few other quirks.



Then came Versions 3-8, and it could be said that the explosion of 
options and features and variants caused more incompatibility than any 
standards committee could have done on its own.


           Avoid the Champagne Hangover

Do your homework up front.


Pick a good suite of ciphers, ones that are Pareto-Secure, and do your 
best to make the combination strong [1]. Document the short falls and do 
not worry about them after that. Cut off any idle fingers that can't 
keep from tweaking. Do not permit people to sell you on the marginal 
merits of some crazy public key variant or some experimental MAC thing 
that a cryptographer knocked up over a weekend or some minor foible that 
allows an attacker to learn your aunty's birth date after asking a 
million times.


Resist the temptation. Stick with The One.





http://iang.org/ssl/h1_the_one_true_cipher_suite.html
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

























					Reply via email to