At 04:42 AM 9/10/2013, Jerry Leichter wrote:
On Sep 9, 2013, at 12:00 PM, Phillip Hallam-Baker wrote:
> Steve Bellovin has made the same argument and I agree with it. Proliferation of cipher suites is not helpful. > The point I make is that adding a strong cipher does not make you more secure. Only removing the option of using weak ciphers makes you more secure.

The reason you need to be able to support more than one cipher suite is so that you've got a mechanism for removing one if it's discovered to be weak in the future, and for adding a new one if none of your remaining suites are still strong.

1. If everyone uses the same cipher, the attacker need only attack that one cipher. 2. If there are thousands of ciphers in use, the attacker needs to attack some large fraction of them.

If there are thousands of ciphers in use, it's generally easier for the attacker to get people to use one of the weak ones
than to attack a large fraction of the not-currently-known-to-be-weak ones.

The big problem PGP ran into with compatibility wasn't so much because of cipher suites (after Bass-O-Matic was replaced), though avoiding the IDEA patent became important after violating the RSA patent wasn't a problem, but because it did too much bit-twiddling to use variable-length fields and was sloppy about boundaries,
which made it easy to exploit.

The cryptography mailing list

Reply via email to